A good article on class action lawsuits in the United States that come after a ransomware attack:
"“Companies with good security sometimes have lapses,” Solove said. There isn’t a unified legal standard laying out what sort of security a company needs to have to protect it from liability if it loses its customers’ information or suffers a ransomware attack.
“It really isn’t clear what the standard of care is,” he said. “It’s tricky. All you have to do is fail on one thing.”
That means the potential for lawsuits will keep growing as ransomware attacks do. And if lawyers can reasonably show that a company made some kind of mistake in protecting its system, victims will have an avenue to sue."
I wrote a short article on the topic of cybersecurity lawsuits at the beginning of this year. See