Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

The Art of Managing a Cyber Security Breach

Written by: Bill Cheng & John Weaver

Published in NH Bar News (12/18/2019)

A cyber security breach can be terrifying for any company. Most business leaders and attorneys lack experience with this type of crisis, and few companies have prepared or practiced incident response procedures before a breach occurs.  Complicating the situation is the fact that no foolproof playbook for handling a cyber security breach, and doing so well is more art than science. Each breach response must be tailored to a multiplicity of variables (such as the specific business involved, information compromised, number and type of individuals affected, governmental regulatory agencies interested, local political and media climate, etc.), bringing to bear both skills and intuition developed from experience handling cyber breaches.

The response to an actual or potential breach must be instantaneous — action must be taken within hours, not days. It is imperative for the business to immediately retain an experienced cyber security attorney, in order to secure the protections of the attorney-client communication and work-product privileges throughout the breach response.

One of the immediate tasks in breach response is to determine if the business has an applicable insurance policy and, if so, the scope of coverage. Insurance for a breach of information differs from coverage for cyber financial theft, and carriers oftentimes can be persuaded (with the right leverage) to pay for the costs of breach investigation even if the policy may not cover the underlying liability.  Navigating the shoals of insurance is additionally risky, since securing coverage may require developing evidence that a breach occurred, whereas such evidence may be harmful with respect to the business’ rights and obligations vis-à-vis the individuals affected, governmental regulators, customers, vendors, and other third parties.

Retaining a qualified technology expert may be another immediate first step in the breach response process, if the circumstances warrant such forensic examination.  If so, it is critical that an experienced information security attorney retains and directs the expert, to ensure that the forensic examiner’s report and any measures taken to mitigate the breach remain privileged (particularly if the review reveals that the business failed to take reasonable measure to avoid the breach).  Depending on the type of breach, immediate forensic work may be imperative to ensure the preservation of key evidence, like server and operating system log files.

Prompt and accurate initial communications with the company’s board and banks, customers and vendors, and regulators, as necessary, is another important early step in breach response process.  While these communications are important to ensure that the later steps in the process proceed smoothly, information provided to them may or may not remain confidential, can facilitate either assistance or resistance from others, and will result in either a nasty and expensive governmental audit or avoid a regulatory response altogether.

Most meaningful information security breaches will spark the interest of local or regional news outlets and politicians.  Preparing astute press releases, informative company web pages, turn-key media interviews, thoughtful telephone scripts, and thorough answers to “frequently asked questions” are crucial steps to prepare for and preempt media inquiries.  Similarly, forerunning with likely interested political figures can convert potential antagonists into allies.

The most important aspect of the response is prompt notification to the individuals affected by the breach, and positive interactions with them thereafter.  While no one is happy to learn that his or her personal information was lost or stolen, a cyber breach is a problem that a business can transform into an opportunity.  A call/email center staffed by knowledgeable and (actually) helpful representatives is imperative.

Similarly, if the breach involves sensitive personal information, offering credit and identity restoration insurance (not just monitoring) to the affected individuals can mitigate or prevent harm to them entirely. In fact, an effective breach response can significantly reduce, if not completely eliminate, the risk and damages of lawsuits and claims asserted by affected individuals.

Cyber security breaches are terrifying primarily because most businesses are not ready for them. Preparing and practicing incident response procedures before a breach occurs is imperative. Likewise, if subject to a breach, a business should retain an experienced information security attorney to manage a privileged breach response process, bringing to bear the skills and intuition that is developed only from handling these crises.

Bill Cheng and John Weaver practice in the Privacy and Data Security Group at McLane Middleton.  Bill can be reached at [email protected] or at 781-904-2715.  John can be reached at [email protected] or at 781-904-2685.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.