The last few years have seen a steady rise in the number of securities class action lawsuits. Filings have reached levels not seen since 2001 after the dot-com crash.1 In 2018, the volume of cases filed was more than twice the number in 2014, ending a period of relative stability since 2007.2
The recent increase in securities class action filings has been driven, at least in significant part, by two types of lawsuits: merger-objection and event-driven securities litigation.
Merger-objection lawsuits are filed after a company is involved in a merger or acquisition and allege that the board of directors did not adequately protect the interests of shareholders when negotiating the transaction. In 2018, more than eight of ten mergers resulted in a securities lawsuit objecting to the merger.
Event-driven litigation is filed after a company experiences an adverse event or catastrophe, such as a product recall, plant explosion, or cyberattack. Traditionally, lawsuits following these events were filed on behalf of those directly impacted, such as customers alleging that they were harmed by a defective product. Securities lawsuits also may follow a major negative event with shareholders alleging that they were harmed (1) by the event due to the failure of corporate leadership to disclose the risk that such an event would occur or put proper controls in place to prevent it or (2) by an inadequate response to the event that resulted in greater loss to the corporation and its shareholders.
Diverse issues facing corporate America—including sexual harassment, cybersecurity, and climate change—have been making their way into securities litigation with increasing frequency. The #MeToo movement has made sexual harassment and misconduct issues an important securities litigation risk. Like other event-driven litigation, these issues may involve a negative public event, such as revelations of sexual misconduct or a data breach disclosing customer information, which causes serious financial harm to the corporation. Securities litigation may follow these events, with shareholders arguing, for example, that the board of directors mishandled allegations of sexual harassment or failed to disclose to investors the impact of climate change on business operations. These derivative and securities class action lawsuits, which have given rise to additional sources of directors and officers (D&O) liability, raise significant concerns regarding the legal duties of corporations and their boards in addressing these important issues.
Increased Securities Action Lawsuits
In 2018, securities lawsuit filings reached their highest level since 2001.3 New filings have doubled since 2014, when there were 218 federal court securities class action filings, and filings had been relatively stable since 2007. In 2017, the number of new securities class actions filed was 434. It was slightly higher in 2018 at 441 new filings. There were 341 federal court securities lawsuit filings between January and September 2019.4
The high federal court filing numbers do not represent the full scope of the increase in securities filings. The number of state court filings has also increased significantly in the wake of the U.S. Supreme Court’s Cyan decision, where the Court held that state courts retain concurrent jurisdiction for cases involving alleged violations of the 1933 Securities Act.5
The number of merger-objection lawsuits has significantly increased in recent years.6 These lawsuits are filed after a company is involved in a merger or acquisition. Typically, merger-objection litigation alleges that the company’s board of directors breached its fiduciary duties by conducting a flawed sale process that failed to maximize shareholder value.7 Merger-objection lawsuit filings have increased rapidly to the point where, in 2018, 85 percent of mergers were met with a suit objecting to the merger.8 In 2009, there were 24 merger-objection filings out of the 205 securities class action lawsuits filed in federal court.9 In 2016, the number of filings was 92. In 2017, merger-objection lawsuit filings jumped to 204 and were relatively stable in 2018 at 210 filings. The rate of merger-objection lawsuits has also increased. In 2018, nearly one in ten S&P 500 companies was the target of a merger-objection lawsuit.10
Merger-objection lawsuits are often resolved by settlements where the defendants pay attorney fees to plaintiffs’ counsel and shareholders receive only a “supplemental disclosure” of information not included in the original proxy statement of the proposed merger. Even if a merger-objection case is resolved by a disclosure-only settlement, it still involves costs to the defendants, and the costs to defend and settle these suits are increasing.11 One insurer revealed that its average total costs associated with a settled merger-objection lawsuit increased 63 percent in the four-year period between 2012 and 2016, increasing from $2.8 million in 2012 to $4.5 million in 2016.12 The portion of total claim payments going to shareholders during this time was 39 percent, with the other 61 percent going to plaintiffs and defense counsel in the form of attorney fees and expenses.
Courts are scrutinizing disclosure-only settlements. In January 2016, the Delaware Court of Chancery in In re Trulia, Inc. Stockholder Litigation rejected one such settlement, finding that the supplemental disclosures were not “material or even helpful” to shareholders.13 In June 2019, Judge Thomas M. Durkin of the Northern District of Illinois rejected a disclosure-only settlement as a “racket” because the settlement provided the shareholders
nothing of value, and instead caused the company in which they hold an interest to lose money. The quick settlements obviously took place in an effort to avoid the judicial review this decision imposes.”14
Some argue that the Trulia decision will lead to fewer merger-objection lawsuits and has already contributed to a decline in the rate of merger-objection filings.15
The filings of other, more standard securities class action lawsuits—those not objecting to a merger or acquisition—are also above historical levels. Of the 341 securities class actions filed between January and September 2019, 204 were more traditional lawsuits alleging violations of U.S. securities laws.16 This figure suggests a trend to a year-end total of 272 standard securities lawsuits, which is, by historical standards, an extraordinary number of securities lawsuit filings and would be higher than the annual total number of securities lawsuit filings in any year during the period 2003 to 2015. NERA Economic Consulting found that the standard securities class action lawsuits filed in 2018 represent nearly $1 trillion in investor losses.17
Event-Driven Securities Litigation
There has been substantial growth in securities class action litigation driven by the occurrence of an adverse event or catastrophe. Unlike a traditional securities lawsuit, which may result from financial misstatements or accounting misrepresentations, event-driven securities lawsuits derive from negative events such as a product failure, plant explosion, data breach, or law enforcement action.18 The greatest growth can be found in securities lawsuits related to regulatory actions that resulted in a decline in the company’s share price. In 2018, Johnson & Johnson disclosed possible asbestos contamination of its baby talcum powder, which caused its stock to drop by 10 percent in one day.19 A securities class action was filed shortly thereafter.20
A dramatic example of event-driven securities litigation can be found with respect to the Brazilian state-owned energy company Petróleo Brasileiro S.A. (Petrobras). The company was being investigated by the Brazilian government in an investigation code-named Car Wash.21 The “event” occurred when a Petrobras executive was arrested and described to prosecutors a vast and extraordinary web of corruption that involved $5 billion in illegal payments to company executives and politicians, including Brazil’s then president. Following these revelations, the share price of the company’s American depositary shares declined by 46 percent.22 The securities lawsuit filed by Petrobras investors resulted in a $2.95 billion settlement in 2018, one of the largest U.S. securities lawsuit settlements.
Another example of event-driven securities litigation resulted from the wildfires of California. On November 8, 2018, two wildfires, the Woolsey and Hill fires, burned in Southern California. Shortly after the fires commenced, Southern California Edison Company (SCE), a subsidiary of Edison International, reported to the California Public Utilities Commission (CPUC) that it had experienced an incident at one of its electricity substations in the area just before the fires began. The CPUC later announced publicly that it was investigating the cause of the fires, including whether the electrical facilities were in compliance with applicable rules and regulations.
Wasting no time, on November 16, 2018, an Edison shareholder filed a securities class action lawsuit against Edison and SCE.23 The complaint alleged that the companies made false and misleading statements or failed to disclose that
(i) the Company failed to maintain electricity transmission and distribution networks in compliance with safety requirements and regulations promulgated under state law; (ii) consequently, the Company was in violation of state law and regulations; (iii) the Company’s noncompliant electricity networks created a significantly heightened risk of wildfires in California; and (iv) as a result, the Company’s public statements were materially false and misleading at all relevant times.24
The complaint alleged that following the CPUC’s announcement that it was investigating SCE, Edison’s share price fell 12 percent. The complaint further alleged that, as the fires continued to burn over the next several days, Edison’s share price continued to fall, for a total decline of 32 percent from its price before the CPUC announcement.
More recently, on October 25, 2019, a securities lawsuit was filed against three executives of PG&E, another California utility company.25 Like the Edison lawsuit, the complaint alleged that the executives had damaged the company by failing to implement precautionary measures to decrease the threat of wildfires in California communities. In alleging that PG&E’s public statements on its efforts to address wildfire-related threats were false and misleading, the complaint quotes statements by PG&E executives regarding the effect that climate change has had on the wildfire risk. The complaint quotes one executive as saying that “[i]n recent years, we’ve made significant changes and additions to our business to combat these weather events, but the climate is changing faster.”26
The PG&E lawsuit was filed at the same time Exxon Mobil faced a trial that highlighted another way in which climate change can impact corporate liability. Exxon was accused of misleading its shareholders about the future impact that climate change regulations would have on the company’s value.27 While Exxon’s public financial disclosures assumed that governments would place stricter limits on emissions, it was alleged that Exxon did not rely on these same assumptions when evaluating new energy projects. According to the complaint, if Exxon’s public assumptions were correct, then it was investing in projects that would violate those future climate regulations and impose billions of dollars of additional costs on the company. Climate change will continue to present long-term risks to businesses, and therefore event-driven securities litigation involving climate change issues is likely to increase.
Despite the rise in event-driven securities litigation, courts are confronting these lawsuits with some skepticism. Event-driven securities lawsuits have a higher dismissal rate than more traditional securities lawsuits, with a dismissal rate approaching 60 percent.28 This, of course, means that 40 percent of event-driven securities filings survive a motion to dismiss.
Securities Claims in the Wake of the #MeToo Movement
The “events” giving rise to securities class action lawsuits have further expanded with the development of the #MeToo movement. The term “Me Too” was first used by Tarana Burke in 2006 as a way to help women and girls of color who had survived sexual violence.29 She had no idea at the time that the phrase would become a slogan of the anti–sexual harassment movement in 2017. This new level of awareness of and intolerance for sexual misconduct has led to increased efforts to hold wrongdoers liable, including directors and officers who permitted the behavior or turned a blind eye. Accordingly, in addition to direct lawsuits against the corporation for sexual harassment, which may impact lines of coverage including employment practices liability or general liability insurance, the #MeToo movement also has resulted in D&O claims against the officers and directors of a company for violating their fiduciary duties in failing to monitor, investigate, or properly resolve claims of sexual harassment. These securities lawsuits are either (1) shareholder derivative claims that the board mismanaged sexual misconduct issues, causing a decrease in corporate value; or (2) securities class actions alleging a drop in share price as a result of the company’s handling of sexual misconduct allegations and negative publicity.
The effect that the #MeToo movement has had on D&O liability can be seen at Alphabet, the parent company of Google. On October 25, 2018, the New York Times published an article disclosing Alphabet’s concealment of payouts to high-level male executives at Google who had been credibly accused of sexual harassment.30 According to the article, while Alphabet had asked two of the executives to leave after finding allegations against them to be credible, neither was fired for cause, and both received significant exit packages.31 Following the Times article, Alphabet disclosed an additional 48 cases of sexual harassment, including 13 complaints against senior managers or executives.32
The Alphabet disclosure led to exposures beyond sexual harassment and discrimination lawsuits. On November 1, 2018, 20,000 Alphabet employees participated in a “Google Walkout” to protest the company’s inadequate approach to sexual harassment and discrimination.33 Shortly thereafter, shareholder derivative lawsuits were filed against Alphabet’s board.34 The lawsuits assert a “culture of concealment” relating to “a long-standing pattern of sexual harassment and discrimination by high-powered male executives.” According to the complaints, the “pattern of concealment” was “intended to protect the interests of the Company’s top earning executives and the Board.” The lawsuits alleged that the board members had made a “conscious and intentional decision to conceal the sexual harassment at Google” and that the board’s conduct in allowing this corporate culture had damaged the company in terms of the exit packages the company paid, exposed the company to litigation, and led to a 7 percent decline in the company’s stock price.
The Alphabet case is also an example of how the #MeToo movement has expanded potential management liability in cases of sexual harassment or discrimination. In addition to allegations of sexual misconduct, the Alphabet shareholder derivative lawsuits also alleged that sexual discrimination in the male-dominated company culture resulted in gender-based pay and advancement disparity.
Similarly, in August 2018, Nike shareholders filed a shareholder derivative action against its board of directors, claiming that a “boy’s club” culture resulted in bullying, sexual harassment, and gender discrimination of Nike’s female employees.35 The complaint alleged that a senior executive had fostered this environment, and, instead of being fired for cause and held accountable, he was unjustly enriched by tens of millions of dollars. The complaint claimed that this environment caused damage to Nike’s reputation, goodwill, and standing in the business community and had subjected Nike to a federal class action lawsuit brought by two former employees accusing the company of pay inequity and gender discrimination.
A lawsuit against Signet Jewelers took yet another form. In March 2018, an amended securities class action complaint was filed against the owner of Kay Jewelers, Jared the Galleria of Jewelry, and Zales the Diamond Store brands, alleging that the company misled investors about a culture of sexual harassment.36 According to the complaint, Signet Jewelers made false statements in filings with the Securities Exchange Commission concerning an employment class action lawsuit that previously had been filed against the company by stating that the class action alleged discrimination at the “store level.” Later, however, documents from the class arbitration were made public; and these contained allegations by hundreds of employees that sexual harassment was not confined to “store-level employees” but was rampant at Signet Jewelers at all levels, including among senior executives. In December 2018, the court denied Signet Jewelers’ motion to dismiss, concluding that the plaintiffs had properly alleged securities fraud relating to the company’s public disclosures.
Securities Litigation Driven by Cybersecurity and Data Breaches
Cybersecurity has become a significant risk management concern for corporations, and in recent years it also has developed into a potential source of liability for directors and officers. While potential securities litigation may be a low priority for management immediately following a cyberattack or data breach, the litigation that follows presents significant potential exposure. The failure of directors and officers to adopt policies and procedures to avoid a cyberattack or data breach will be scrutinized in a shareholder action. The company’s response to the incident also has the potential to draw litigation related to disclosures made after the incident.
For example, on June 26, 2019, FedEx and certain of its directors and officers were sued in a securities case alleging that the company had made fraudulent disclosures concerning the extent of the impact of a cyberattack.37 FedEx had acquired TNT Express N.V. for $4.8 billion and was in the process of integrating TNT when the NotPetya malware virus struck. According to the complaint, FedEx assured investors that any negative impact from the attack was minimal, that customers “stuck with us,” and that FedEx was “on track” to achieve its integration goals.38 The complaint alleged that as the truth about TNT’s deteriorating business and higher-than-expected integration costs were revealed, FedEx’s stock declined and FedEx’s shareholders were damaged.
In an effort to ensure that companies adequately inform shareholders of cybersecurity risks and incidents, the SEC issued guidance in February 2018 for cybersecurity disclosures.39 While the SEC has been criticized for its lack of helpful suggestions, the guidance does recognize that cybersecurity disclosures are encompassed in the existing U.S. securities laws and requirements, explaining that “although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, companies nonetheless may be obligated to disclose such risks and incidents.”40 Importantly, the SEC’s guidance states that
[g]iven the frequency, magnitude and cost of cybersecurity incidents, . . . it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.41
A few months after issuing its guidance on cybersecurity disclosures, the SEC levied a $35 million penalty against Yahoo’s successor for a two-year delay in disclosing a massive data breach that occurred in 2014.42 While the breach was reported to Yahoo’s senior management and legal department, the company allegedly failed to properly investigate the incident or consider whether it should be disclosed to investors. The fine was yet another high payment for Yahoo, which had previously paid $29 million to settle a shareholder derivative action alleging that former directors and officers had failed to properly oversee the company’s handling of a series of cyberattacks occurring between 2013 and 2016. In 2018, Yahoo also paid $80 million to settle a securities lawsuit relating to the cyberattacks.43
Equifax was also drawn into securities litigation following its announcement in September 2017 of a “cybersecurity incident” potentially impacting 143 million U.S. customers.44 Along with consumer lawsuits alleging security negligence against Equifax—which Equifax later settled for payment of $425 million—securities lawsuits followed the disclosure. The plaintiffs alleged that Equifax had issued materially false or misleading statements or failed to disclose that
(1) the Company failed to maintain adequate measures to protect its data system; (2) the Company failed to maintain adequate monitoring systems to detect security breaches; (3) the Company failed to maintain proper security systems, controls and monitoring systems in place; and (4) as a result of the foregoing the Company’s financial statements were materially false and misleading at all relevant times.45
The complaint also alleged that, just days after the company discovered the data breach, Equifax executives sold off company stock. The complaint asserted that Equifax’s stock value declined nearly 17 percent following disclosure of the data breach. In January 2019, the securities lawsuit survived a motion to dismiss.
A significant trend in D&O liability has been the recent and dramatic uptick in securities class action filings. As more of these securities lawsuits are driven by catastrophic events and social issues, this presents unique challenges for directors and officers as well as for insurance companies providing D&O liability insurance. These risks are challenging to anticipate, and therefore it is more difficult to predict and quantify potential exposures. Underwriting practices must continue to look beyond an analysis of the applicant company’s financials to find ways to identify potential catastrophic or adverse events likely to result in liability to the corporation, its directors and officers, and, ultimately, their insurers.
1. Stefan Boettrich & Svetlana Starykh, NERA Econ. Consulting, Recent Trends in Securities Class Action Litigation: 2018 Full-Year Review 1 (2019), http://www.nera.com/content/dam/nera/publications/2019/PUB_Year_End_Trends_012819_Final.pdf.
2. Id. at 2.
4. Svetlana Starykh & Janeen McIntosh, NERA Econ. Consulting, Recent Trends in Securities Class Action Litigation: 2019 Q3 Update 1 (2019), http://www.nera.com/content/dam/nera/publications/2019/2019-Q3_Trends_Update_1019.pdf.
5. Cyan, Inc. v. Beaver Cty. Emps. Retirement Fund, 138 S. Ct. 1061 (2018).
6. Press Release, Chubb, Rising Volume and Cost of Securities Class Action Lawsuits Is a Growing Tax on U.S. Business, Chubb Data Reveals (July 10, 2018), http://news.chubb.com/2018-07-10-Rising-Volume-and-Cost-of-Securities-Class-Action-Lawsuits-is-a-Growing-Tax-on-U-S-Business-Chubb-Data-Reveals.
7. Cornerstone Research, Shareholder Litigation Involving Acquisitions of Public Companies: Review of 2018 M&A Litigation (2019), http://www.cornerstone.com/Publications/Reports/Shareholder-Litigation-Involving-Acquisitions-of-Public-Companies-Review-of-2018-M-and-A-Litigation-pdf.
8. Andrew J. Pincus, U.S. Chamber Inst. for Legal Reform, A Rising Threat: The New Class Action Racket That Harms Investors and the Economy 8 (2018), https://instituteforlegalreform.com/wp-content/uploads/2020/10/A_Rising_Threat_Research_Paper-web_1.pdf.
9. Boettrich & Starykh, supra note 1, at 5.
10. Cornerstone Research, Securities Class Action Filings: 2018 Year in Review 12 (2019), http://www.cornerstone.com/Publications/Reports/Securities-Class-Action-Filings-2018-Year-in-Review.
11. Press Release, Chubb, supra note 6.
13. 129 A.3d 884 (Del. Ch. 2016).
14. House v. Akorn, Inc., 385 F. Supp. 3d 616, 623 (N.D. Ill. 2019).
15. Boettrich & Starykh, supra note 1, at 4–6.
16. Starykh & McIntosh, supra note 4, at 2.
17. Id. at 4.
18. John C. Coffee Jr., Event-Driven Securities Litigation: Its Rise and Partial Fall, N.Y. L.J. (Mar. 20, 2019), http://www.law.com/newyorklawjournal/2019/03/20/event-driven-securities-litigation-its-rise-and-partial-fall.
19. Ciara Linnane, Johnson & Johnson’s Stock Slammed After Report It Knew of Asbestos in Baby Powder, MarketWatch (Dec. 14, 2018), http://www.marketwatch.com/story/johnson-johnson-stock-slammed-by-report-it-knew-of-asbestos-in-baby-powder-2018-12-14.
20. Class Action Complaint, Hall v. Johnson & Johnson, No. 3:18-cv-01833 (D.N.J. Feb. 8, 2018).
21. Jonathan Watts, Operation Car Wash: Is This the Biggest Corruption Scandal in History?, Guardian (June 1, 2017), http://www.theguardian.com/world/2017/jun/01/brazil-operation-car-wash-is-this-the-biggest-corruption-scandal-in-history.
22. Class Action Complaint, Kaltman v. Petróleo Brasileiro S.A.–Petrobras, No. 1:14-cv-09662 (S.D.N.Y. Dec. 8, 2014).
23. Class Action Complaint, Barnes v. Edison Int’l, No. 2:18-cv-09690 (C.D. Cal. Nov. 16, 2018).
24. Id. at 3.
25. Class Action Complaint, Vataj v. Johnson, No. 4:19-cv-06996 (N.D. Cal. Oct. 25, 2019).
26. Id. at 9.
27. Nicholas Kusnetz, Exxon’s Climate Fraud Trial Opens to a Packed New York Courtroom, Inside Climate News (Oct. 22, 2019), https://insideclimatenews.org/news/22102019/exxon-climate-fraud-trial-starts-new-york-letitia-james-tar-sands.
28. Jeffrey A. Dailey & Neal Ross Marder, The Rise in Event-Driven Securities Litigation—Why It Matters to Directors and Officers 2 (2018), http://www.akingump.com/images/content/9/9/v2/99361/the-rise-in-event-driven-securities-litigation-why-it-matters-to.pdf.
29. Abby Ohlheiser, The Woman Behind “Me Too” Knew the Power of the Phrase When She Created It—10 Years Ago, Wash. Post (Oct. 19, 2017), http://www.washingtonpost.com/news/the-intersect/wp/2017/10/19/the-woman-behind-me-too-knew-the-power-of-the-phrase-when-she-created-it-10-years-ago.
30. Daisuke Wakabayashi & Katie Benner, How Google Protected Andy Rubin, the “Father of Android,” N.Y. Times (Oct. 25, 2018), http://www.nytimes.com/2018/10/25/technology/google-sexual-harassment-andy-rubin.html.
32. Google Reveals 48 Employees Fired for Sexual Harassment, Associated Press (Oct. 25, 2018), http://www.apnews.com/06bbde4e7ba449089a62d8d351ecbe8c.
33. Isobel Asher Hamilton, A Googler Vividly Described the “Disastrous” Leadership Meeting That Sparked a Giant Protest over Sexual Misconduct, Bus. Insider (Nov. 21, 2018), http://www.businessinsider.in/a-googler-vividly-described-the-disastrous-leadership-meeting-that-sparked-a-giant-protest-over-sexual-misconduct/articleshow/66738768.cms.
34. Verified Stockholder Derivative Complaint, N. Cal. Pipe Trades Pension Plan v. Hennessey, No. 19CIV00149 (Cal. Super. Ct. Jan. 9, 2019); Shareholder Derivative Complaint, Martin v. Page, No. 19CIV00164 (Cal. Super. Ct. Jan. 10, 2019).
35. Complaint, Stein et al v. Knight, No. 18CV38553 (Or. Cir. Ct. Aug. 31, 2018).
36. Fifth Amended Class Action Complaint, In re Signet Jewelers Ltd. Sec. Litig., No. 1:16-cv-06728 (S.D.N.Y. Mar. 22, 2018).
37. Todd D. Kremin & Marc S. Voses, FedEx Becomes Victim of Latest Spat of Large Scale Cyber-Related Securities Class Actions, Lexology (July 23, 2019), http://www.lexology.com/library/detail.aspx?g=1d80ab7f-e338-440d-b26d-212fd854aff1.
38. Complaint, R.I. Laborers’ Pension Fund v. FedEx Corp., No. 1:19-cv-05990 (S.D.N.Y. June 26, 2019).
40. Id. at 5–6.
41. Id. at 4.
42. Kathleen Hamm, Cybersecurity: Where Are We, and What More Can Be Done?, CPA J. (Sept. 2019), http://www.cpajournal.com/2019/09/16/cybersecurity-where-are-we-and-what-more-can-be-done.
43. Ross Todd, Judge OKs Yahoo’s $80 Million Deal to Settle Securities Litigation over Data Breaches, Recorder (Sept. 10, 2018), http://www.law.com/therecorder/2018/09/10/judge-oks-yahoos-80-million-deal-to-settle-securities-litigation-over-data-breaches.
44. Press Release, Equifax, Equifax Announces Cybersecurity Incident Involving Consumer Information (Sept. 7, 2017), https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628.
45. Class Action Complaint, Kuhns v. Equifax Inc., No. 1:17-mi-99999 (N.D. Ga. Sept. 8, 2017).