The threat of a cyber attack is among the most potentially costly and harmful risks facing businesses and individuals today. Even an unsuccessful attack can raise a host of significant and complex issues for any business, such as regulatory investigations and enforcement actions, civil lawsuits, adverse media attention, and duties to notify customers, regulators, and investors. And as the nature of the cyber threat is constantly changing, so too is the legal and regulatory landscape, as lawmakers across multiple jurisdictions scramble to enact new rules to address cyber threats and civil litigants explore new theories of liability against businesses that have suffered a data breach.
Our team of cybersecurity attorneys – which includes former federal cybercrime prosecutors, regulatory and enforcement attorneys, and litigators – counsels companies and individuals in addressing today’s emerging cybersecurity threats and in best practices for complying with new rules and requirements.
We work with companies to prepare for the reality of persistent cyber attacks and to comply with cybersecurity rules and regulations. To that end, we assist companies in developing data security policies and procedures, as well as incident response plans. Further, we team with cybersecurity and forensic experts to facilitate data and network mapping exercises, assess risks posed by third-party service providers, and test a company’s cyber preparedness.
In the event of a cyber attack, we assist companies with cyber crisis management. This encompasses efforts to identify the threat, determine its scope and severity, consider whether and how to work with law enforcement, obtain forensic analysis and support, determine whether customers or government agencies should or must be notified, draft appropriate disclosures, and defend companies in regulatory investigations and civil litigation arising from cyber incidents.
We also defend individuals in cyber-related investigations and prosecutions, and work with victims of cyber stalking and extortion to obtain justice.
2017 saw further evolution concerning both cyber threats and cybersecurity regulations and featured a parade of headline-grabbing attacks that disrupted businesses and even government agencies around the world. Regulators have also expanded their cybersecurity efforts, with the SEC establishing a specialized Cyber Unit that intends to examine whether entities adequately prepared for and disclosed cyber risks and incidents. The SEC has also signaled the likely issuance of new guidance to public companies on disclosing cybersecurity incidents, in a sign that the agency is looking to improve industry practices that have been criticized in the wake of massive, news-making breaches. Meanwhile, state agencies have become more engaged in this area, with strict new cybersecurity rules issued by the New York Department of Financial Services coming into effect and state Attorneys General being increasingly active in initiating investigations and bringing enforcement actions in the wake of data breaches.