As large-scale data breaches become regular occurrences, and new regulations are implemented, shareholder derivative suits are increasingly being used by investors seeking to be made whole after data breaches. Boards of directors need to take note and understand the increasing costs and risks these suits pose. In this second part of a guest article series, Shearman & Sterling attorneys Jeewon Kim Serrato, Marc Elzweig and David Lee draw on the recent cases examined in part one and identify five lessons that boards may learn from these suits – lessons that are applicable to companies seeking to assess litigation risks related to data breaches and that also provide a practical starting point for managing cybersecurity risks in general. See “Key Post-Breach Shareholder Litigation, Disclosure and Insurance Selection Considerations” (Aug. 3, 2016).