Cybersecurity, Cybercrime, & Incident Response

The threat of a cyber attack is among the most potentially costly and harmful risks facing businesses and individuals today. Even an unsuccessful attack can raise a host of significant and complex issues for any business, such as regulatory investigations and enforcement actions, civil lawsuits, adverse media attention, and duties to notify customers, regulators, and investors. And as the nature of the cyber threat is constantly changing, so too is the legal and regulatory landscape, as lawmakers across multiple jurisdictions scramble to enact new rules to address cyber threats and civil litigants explore new theories of liability against businesses that have suffered a data breach.

Our team of cybersecurity attorneys – which includes former federal cybercrime prosecutors, regulatory and enforcement attorneys, and litigators – counsel companies and individuals in addressing today’s emerging cybersecurity threats and in best practices for complying with new rules and requirements.

We work with companies to prepare for the reality of persistent cyber attacks and to comply with cybersecurity rules and regulations. To that end, we assist companies in developing data security policies and procedures, as well as incident response plans. Further, we team with cybersecurity and forensic experts to facilitate data and network mapping exercises, assess risks posed by third-party service providers, and test a company’s cyber preparedness.

In the event of a cyber attack, we assist companies with cyber crisis management.  This encompasses efforts to identify the threat, determine its scope and severity, consider whether and how to work with law enforcement, obtain forensic analysis and support, determine whether customers or government agencies should or must be notified, draft appropriate disclosures, and defend companies in regulatory investigations and civil litigation arising from cyber incidents.

We also defend individuals in cyber-related investigations and prosecutions, and work with victims of cyber stalking and extortion to obtain justice.

View Practice Contacts

Looking Forward

The coming change of administration in the U.S. promises more aggressive cybersecurity and data privacy enforcement from federal regulators. On the state level, California’s recently passed Privacy Ballot Initiative imposes new privacy rules—in addition to those in the California Consumer Privacy Act—on any business with sufficient contacts with that sta. And internationally, countries around the world are racing to adopt new data protection laws while foreign regulators, particularly those within the EU, are becoming more aggressive in seeking to punish businesses for missteps and noncompliance. At the same time, we expect that private cyber-criminals and sophisticated nation-state actors will continue to target businesses of all sizes and in all industries. Meanwhile, human error and trusted vendors will remain the biggest vectors for cyberattacks. If businesses have not done so already, now is a good time to reassess their cybersecurity and data privacy programs.