Are Lawsuits at the Top of Your Risk List?
FEATUREDRISKINTERNAL AUDITCOMPLIANCEBUSINESS
As we contemplate the uncertainty created by what we generously refer to as “dysfunctional government,” the editors at Internal Audit Next are seeing an entirely new level of complexity being introduced with what’s happening in the court systems. Legal risk is, perhaps, the new priority for GRC professionals in the decade ahead.
In Legal News …
Have you checked out the legal news lately? It seems that the courts are quickly becoming a battleground of what, at least until the last decade or so, was the domain of regulatory bodies within government. Fed up with a federal government that seems to be making more problems than it solves, plaintiffs are taking matters into their own hands and they have set their sights on big tech. We at Internal Audit Next think this will have ripple effects on the broader economy and we could be witnessing the start of a new form of regulatory compliance challenges facing companies. Challenges that will require audit and risk professionals to brush up on their legal knowledge.
First, we have to catch you up on the number of very interesting and important legal decisions that have happened in the past few weeks. On February 5, a federal jury awarded one (Emphasizing the single plaintiff here) person $8.5 Million who was sexually assaulted by the driver and found Uber responsible for the actions of that driver. This is significant because, according to the report, there are more than 3,000 similar lawsuits in court waiting to see the outcome of that trial. If you aren’t a math person, 3,000 cases times $8 Million is $24 Billion. That’s a lot of cash.
On top of that, everyone’s favorite quasi-government “volunteer,” Mr. Elon Musk, was found responsible for Twitter’s stock drop in 2022 when he sought to buy Twitter for $44 Billion. In a trial in California, everyone’s favorite part-time rancher and potential homesteader, Mr. Mark Zuckerberg, suffered a serious setback when a single person sued both Meta and YouTube, alleging that social media use at a young age led to mental health problems. The jury found Meta 70% responsible and YouTube 30% responsible and awarded the plaintiff $6 Million. In the same week Meta was hit with a $375 Million verdict in New Mexico, when a jury found them liable for endangering children and misleading users about the safety of its platforms. We will take a short pause for any of you reading to look into how you close down your Facebook, Instagram, and WhatsApp accounts. That’s us being cheeky, we kid because we love. [Insert winking emoji here].
What are the Implications?
The implications of these and other high profile cases will be far reaching. In the case of Musk, a lawsuit about his part-time role in helping find efficiencies within the federal government is progressing in court and could have major implications on regulatory oversight, or the lack thereof for decades to come. At issue are concepts like, “unchecked discretion,” and “supervision.” Much of the evidence against Musk in this case seems to be self-inflicted through his own posts on his aforementioned social media platform and emails he sent directly to the very employees he was trying to get to resign inside the federal government.
These are just a few of the things that mostly happened in the span of a single week. And as anyone in governance, risk, legal, and auditing roles can tell you, when one legal case prevails against a company or industry, it often opens the doors for many others. Our back of the napkin calculations about Uber is just one example of what this can mean in real dollars. The YouTube/Facebook verdict was one person. How many others might be in the same boat? Isn't Gen Z the anxious generation suffering from a much higher rate of mental health challenges? A very long way of saying, yes, we think it is material.
We haven’t even gotten into the challenges on the horizon that AI may face. Like it or not, large language models are successful because they rely on content. Lots and lots of content to help them learn. Much of that content was protected (at least to the best of the copyright holder's knowledge) under United States copyright law. Something large companies have gone to great pains to protect. Remember in 2020 when Disney’s then-CEO, Bob Iger, apologized to a school for charging them $250 for an “illegal screening” of the Lion King on Parents Night Out? Insert sad emoji here. Open AI’s position has been that, “If … American companies are left without fair use access, the race for AI is effectively over,” and then invoked national security as the justification for them to use copyrighted content for model training. While the courts move slowly, this could represent a great deal of risk and uncertainty into markets and industries beyond just technology companies in the years ahead. Our money is that more of these will get filed in 2026 as plaintiffs and lawyers want to be first in line at the start of what could be a long decade for companies in the court system.
GRC Professionals, Listen Up
We at Internal Audit Next see this as an opportunity for GRC professionals to drive important conversations with boards, legal teams, and executive leadership. Here are a few things audit and risk leaders can do:
Engage with legal teams to help understand the legal risks as it relates to liability.
If risk exists, quantify that risk. Put together the data that tells the story of what legal risk means. NOTE: partner with your legal team! Having an attorney, in the form of in-house or external counsel, will be important to understand the legal risk and may benefit from attorney/client privilege designations.
Engage your C-suite on the implications. Tell the story, using examples like the percentage of stock decline after a major legal decision, the implications of ongoing lawsuits, increasing legal costs, etc. Lawyers are expensive, especially the good ones.
Talk to the board, or at least the audit committee about what the risk could look like and why early discussions are important.
Determine what, if anything, can be done to improve outcomes. This includes everything from communications internally about specific business activities, to better guardrails related to products and/or services that could be subject to lawsuits.
Add it to the risk register and monitor it with data. Public lawsuits and large jury awards are often used by lawyers as justification to seek out new lines of revenue. Being aware of external factors (specifically, how many suits are getting filed, the number of plaintiff victories, jury awards, etc.) can help you understand what the risk profile actually is.
Remember that lawyers deal in facts and what has already occurred. Most legal experts aren’t in the business of speculation. Here at Internal Audit Next, we believe that’s your job. The role of the GRC professional is to identify the risk, define it, quantify it, and then come up with ways to support your organizations so they can mitigate it.
These are the opinions of the editors of Internal Audit Next and/or the writer who authored this article. Any use of this copyrighted material without permission of Internal Audit Next - including training for AI Models - is prohibited. Copyright 2026.