News// March 2016

Why Every Business and Non-Profit Needs A Cybersecurity Attorney

Technology is evolving into realities that were once mere depictions in science fiction. In an age where data and information is secured digitally, cybersecurity is at the forefront of every organization's priority list. This is especially true given the high-profile security breaches involving Target, Anthem, Home Depot, and Sony. Importantly, such incidents do not affect only the Fortune 500 companies; organizations of all sizes are targets. As cyberattacks become increasingly rampant - and financially devastating -- businesses and non-profits must consider the benefits of working with cybersecurity attorneys.

Many businesses employ cybersecurity professionals to safeguard data systems, but not all enlist the full services of a cybersecurity attorney. Why do you need a cybersecurity attorney?

         1. Risk Assessment, Mitigation And Incident Response.

Although most companies have secure systems in place, not having well-versed legal representation can be detrimental. Given the sensitivity of data put in computer networks, including personally identifiable information, trade secrets, and patent information, cybersecurity attorneys are integral to risk assessment, mitigation, and response.

A business's policies are a first line of defense against both a breach and liability. Cybersecurity attorneys can review a business's policies to ensure they are up to speed with the technology of the time and have adequate protection in place for both employees and the business itself with respect to data access. If revision is necessary, the attorneys can re-draft policies that address industry standards and conduct employee training on these policies. Importantly, cybersecurity attorneys can evaluate third-party access to data to protect against data breaches similar to that which Target fell victim.

Cybersecurity attorneys coordinate incident and breach response. A security breach may lead to financial, reputational, operational, physical and legal costs. Among other things, a cybersecurity attorney leads or collaborates with corporate crisis teams, advising on the legal issues arising from the breach and subsequent response, and as appropriate, is involved with actual investigation of the breach. Businesses and non-profit agencies with cybersecurity counsel on hand are more equipped to deal with time-sensitive incidents which require prompt, immediate action.

During post-cyberattack recovery stages, cybersecurity attorneys advise concerning what information can be disclosed to third parties as well as issues regarding notice requirements, and what the available remedy and response options are under relevant laws.

         2. Compliance

There is a distinct difference between knowing the industry technology standards and interpreting the law setting forth those standards. While CIOs, CISOs and IT leaders focus on the technical aspect of issues related to a data breach, cybersecurity attorneys handle liability and governmental or regulatory issues. Cybersecurity involves a piecemeal framework of rules, regulations, and statutes from varying sources of government. Compliance with local, state, and national privacy laws and requirements as well as corporate governance requires legal counsel who is specifically equipped to deal with cybersecurity and data privacy issues. This is especially true as the ever-changing landscape of cybersecurity legislation and regulation develops.

         3. Litigation, If Necessary.

Cybersecurity attorneys also handle litigation arising from data and privacy breaches. Attorneys that have advised the business on the front-end are better able to assist the business in the event of an attack. Businesses that fall victim to cyberattacks may face civil liability. In such an event, cybersecurity attorneys help organizations manage, minimize, or avoid consequences following data breaches.

Cybersecurity is one of the most urgent issues of our time. Businesses and non-profit organizations must be prepared to deal with the unfortunate question of "when" rather than "if" a data breach will occur. Having a cybersecurity attorney available in-house or on retainer is not only a best practice - it has become a necessity.