Cybersecurity, Cybercrime, & Incident Response

The threat of a cyber attack is among the most potentially costly and harmful risks facing businesses and individuals today. Even an unsuccessful attack can raise a host of significant and complex issues for any business, such as regulatory investigations and enforcement actions, civil lawsuits, adverse media attention, and duties to notify customers, regulators, and investors. And as the nature of the cyber threat is constantly changing, so too is the legal and regulatory landscape, as lawmakers across multiple jurisdictions scramble to enact new rules to address cyber threats and civil litigants explore new theories of liability against businesses that have suffered a data breach.

Our team of cybersecurity attorneys – which includes former federal cybercrime prosecutors, regulatory and enforcement attorneys, and litigators – counsel companies and individuals in addressing today’s emerging cybersecurity threats and in best practices for complying with new rules and requirements.

We work with companies to prepare for the reality of persistent cyber attacks and to comply with cybersecurity rules and regulations. To that end, we assist companies in developing data security policies and procedures, as well as incident response plans. Further, we team with cybersecurity and forensic experts to facilitate data and network mapping exercises, assess risks posed by third-party service providers, and test a company’s cyber preparedness.

In the event of a cyber attack, we assist companies with cyber crisis management.  This encompasses efforts to identify the threat, determine its scope and severity, consider whether and how to work with law enforcement, obtain forensic analysis and support, determine whether customers or government agencies should or must be notified, draft appropriate disclosures, and defend companies in regulatory investigations and civil litigation arising from cyber incidents.

We also defend individuals in cyber-related investigations and prosecutions, and work with victims of cyber stalking and extortion to obtain justice.

Looking Forward

We expect that private cybercriminals and sophisticated nation-state actors will continue to target businesses of all sizes and in all industries. Meanwhile, human error and trusted vendors will remain the biggest vectors for cyberattacks. We also expect that cybersecurity and data privacy compliance challenges will only become more complex for businesses. Lawmakers have taken note of the continuous stream of mega-breaches and have set about introducing ever-stricter data protection laws across the U.S. and around the world, such as the California Consumer Privacy Act. At the same time, regulators on both side of the Atlantic have issued record-setting fnes under the EU’s General Data Protection Regulation and U.S. laws such as the FTC Act and the Children’s Online Privacy Protection Act. And state attorneys general have been particularly active in seeking to make examples of firms for cybersecurity and privacy missteps.