ATLANTA, Nov. 7, 2016 /PRNewswire/ -- When cybercriminals attack retailers and other businesses - potentially placing the data of millions of people at risk - C-level executives like CEOs and CIOs may lose their jobs and could be exposed to crippling lawsuits, warns Christopher A. Wiech, a partner in national law firm LeClairRyan's Atlanta office. Photo - http://photos.prnewswire.com/prnh/20161104/436401 There may be a lack of understanding and communication across the C-Suite when it comes to cybersecurity practices, says Wiech, a member of LeClairRyan's Privacy and Data Security Practice who explores these issues in a recent blog, The C-Suite's Perspective on Cybersecurity and Liability. His post appears in the firm's Information Countsblog, which focuses on privacy, data security, information technology, e-commerce and other digital issues. A good defensive plan begins with an understanding how your organization gathers, stores, accesses and utilizes its data, Wiech notes. "Also be aware of any government regulations that apply, as well as industry or other standards that address data gathering, storage, protection and use, like PCI (Payment Card Industry) data compliance standards," he advises. "You need to be diligent, because your actions will be closely scrutinized in the event of a hack or other data breach." The first notable case against the C-suite following a data incident was In re Heartland Payment Systems, Inc. Securities Litigation, where the plaintiffs alleged that the C-Suite concealed a cyber attack. "The court dismissed the lawsuit, recognizing that 'the fact that a company faces certain security problems does not of itself suggest that the company does not value data security,'" relates Wiech. "Central to the court's analysis in Heartland were the actions taken by the CEO and CFO before and after the data incident." Despite that, a recent IBM cybersecurity survey of more than 700 C-Suite executives across 18 industries and 28 countries found that although 94 % believe that their company will "experience a cybersecurity incident" in the next two years, only 65 % said they were confident about their company's cybersecurity plans. Also troubling: 60 % of the Chief Financial, HR, and Marketing Officers surveyed said they are the "least involved" in cybersecurity measures, even though they are the individuals responsible for data most coveted by cybercriminals. Part of the challenge is the lack of a "bright line" data security standard, putting executives on notice of exactly what their organizations should be doing when it comes to cybersecurity, according to Wiech. "There is no generalized standard for data security; it is a question of business judgment," he explains. "A court or jury will generally consider whether or not the executive made an informed, diligent decision on behalf of, and in the best interests of, the company and its shareholders - the Business Judgment Rule - but those decisions are made on a case-by-case basis."