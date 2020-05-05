Cyber attacks have increased in frequency and show no signs of abating. From criminal hackers to nation-state intruders, organizations are constantly facing a barrage of threats from well-funded, dedicated and sophisticated adversaries. In this volatile environment, company management and boards of directors will be judged and held accountable—by courts, regulators, shareholders and the public—for how well they prepare for and respond to data breaches and other cybersecurity events.

Given the financial and reputational costs associated with data breaches and cyber attacks, companies need a law firm with significant experience managing these events and mitigating their associated risks.

Services

We work with clients to address a broad range of issues related to cybersecurity incidents, and have been called upon to assist with every phase of data breach management, from preparedness and prevention to mitigation and resolution. Our experience with data breaches runs the gamut; we assist clients with all types of events, such as helping to minimize fallout resulting from the theft of a laptop, managing the aftershock of a large-scale data compromise, and intervening in massive cyber-extortion schemes against publicly traded companies.

Our lawyers have served as lead counsel on watershed cybersecurity incidents with far-reaching, global implications. We have extensive experience working on cybersecurity matters with federal law enforcement authorities, the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), state attorneys general, EU data protection authorities and numerous other foreign government regulators.

Minimizing Risk: Breach Preparedness Activities

The best time to prepare for cyber events and data breaches is before they occur. While successful attacks may be inevitable, businesses can take steps to minimize the likelihood that they will be targeted by attackers and make it more difficult for hackers to obtain valuable information. We routinely work with clients on key breach readiness activities, including developing incident response plans and breach notification procedures; running executive-level tabletop exercises; crafting vendor management programs; analyzing cyber insurance portfolios; and engaging third-party experts in advance of an incident (including forensic investigation firms, credit monitoring and identity protection services, PR firms, call centers, and mail house and email distribution services). We also frequently meet with senior management to discuss cybersecurity legal developments, and have led numerous full board and audit committee discussions on these topics.

Post-Breach Counseling

When cybersecurity incidents occur, taking the right actions can restore consumer confidence and protect brands from further erosion. We handle all aspects of cyber events, including directing forensic investigations; analyzing legal requirements under state, federal and international laws; preparing regulatory and individual notifications; managing investigations and enforcement actions; handling discussions with payment card issuers; and developing board, business partner, public relations, call center and investor relations communications. We also provide ongoing privacy advice, conduct internal investigations, and address securities law issues and related topics to help companies emerge from the crisis that reverberates long after the triggering event. In addition, we handle the myriad resulting lawsuits involving consumers, employees, business partners, shareholders, insurers and others. We also work closely with internal legal and information security teams to conduct postmortem and lessons-learned exercises.

When a prior data breach or cybersecurity event is revealed in the course of an M&A transaction, the results can be devastating. Working together with our firm’s M&A lawyers, we guide companies through the risks and potential liabilities associated with inadequate privacy and data security practices in high-stakes corporate transactions. We work with clients to evaluate and address privacy- and data security-related challenges in the time-sensitive period preceding a transaction, and in post-closing integration.

