Cybersecurity

As cybersecurity risks continue to evolve and escalate, the prospect of undergoing a cyberattack is more a question of “when” than “if” for most companies.  Anderson Kill’s cybersecurity team includes authors of leading treatises on cyber insurance recovery and intellectual property and computer crimes; former government officials and federal and state prosecutors; IP attorneys with extensive tech experience; and attorneys with deep understanding of the technical as well as legal aspects of cybersecurity and compliance. 

Our cybersecurity attorneys help clients to

• Establish working relationships with state and federal agencies overseeing cybersecurity, including the DOJ, FBI, FTC, DHS, the federal Cybersecurity and Infrastructure Agency (CISA), the New York Department of Financial Services,  the New York Dept. of Homeland Security, and appropriate agencies in other states.
• Develop policies to ensure compliance with the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other key national privacy and data protection laws, and relevant state statutes and regulations, including biometric privacy laws.
• Establish cyber security, crisis management and disaster recovery plans and teams that address the full range of potential incidents and establish lines of communication and authority. 
• In the event of a data breach or other attack, assist in-house personnel as they work to:
  • Verify the breach, determine its extent, and contain it.
  • Determine what data is affected and what risks result -- e.g., inoperability of computer systems, identity theft (from customers, employees, others), theft of trade secrets, liability to injured parties, government penalties, reputational damage
  • Consider whether there is a compulsory requirement to inform anyone (e.g., regulators, data subjects, suppliers, customer) of the breach, or if there are good reasons to do so even if there is not. Establish good working relations with regulatory agencies probing the event.
  • Consider all communications – to customers and partners, regulators, markets and the general public, including via social media --  in light of regulatory requirements, public relations considerations and litigation risk, including defamation, and in light of preserving privilege where appropriate.
  • Assess and manage contractual obligations, with particular reference to clauses relating to data protection obligations, compliance with laws, force majeure and rights to terminate. Meet contractual notification requirements.
  • Forestall or defend against regulatory action or litigation from consumers, other customers, or shareholders. 
  • In the event of theft, negligence triggering loss on the part of third parties, or theft of trade secrets or other IP, or cryptocurrency assets, pursue redress, including litigation if necessary. 
  • Navigate the regulatory risks and potential criminal liability associated with ransomware payments.
  • Assess the manifold sources of loss and liability, give prompt notice to all potentially responsive insurance policies, and aggressively pursue insurance claims to cover those losses and liabilities. 
  • Conduct after-action review. Modify systems and processes to limit the risk of reoccurrence and optimize response if a reoccurrence proves unavoidable.

In today’s high-risk cyber environment, effective prevention and crisis response are a continuum.  Our team is well equipped to help clients avoid cyber losses and liabilities, mitigate them when they do occur, and maximize insurance recovery after the fact.

Click the links below to learn more and purchase a treatise:

• Cyber insurance recovery - Cyber Insurance Claims, Case Law, and Risk Management
• Intellectual property and computer crimes - Intellectual Property and Computer Crimes