Cybersecurity and Privacy
Nearly every company is at cyber risk. With distributed denial of service (DDoS), data security breaches, and other attacks on the rise, addressing and mitigating cyber risk is top of mind among companies across the globe. Reports of high-profile cyber attacks make headlines almost every day, and the headlines confirm the reality: cyber attacks are on the rise with unprecedented frequency, sophistication, and scale. And they are pervasive across industries and geographical boundaries.
In the wake of more frequent and severe cyber incidents, regulators around the world have implemented changes to address these heightened risks. For example the US Securities and Exchange Commission (SEC) Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws and has advised that companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and that appropriate disclosures may include, among other things, a“[d]escription of relevant insurance coverage.” Amid increased exposure to such risks, companies need assistance in handling security breaches and preventing future cybersecurity threats.
Our Practice
From helping clients to assess network/data security and insurance coverage prior to an attack to dealing with the aftermath of an attack, our global Cybersecurity and Privacy team has deep experience to assist clients with all aspects of addressing and mitigating cyber risks. Our capabilities include preventing and deterring attacks, pursuing perpetrators, responding to problems, and helping clients to mitigate risk and loss through insurance.
Our Cybersecurity and Privacy group includes an experienced federal policy team, cyber forensic investigators with extensive experience in successful internet tracking, a rapid response team to handle active attacks, and experienced insurance coverage counsel, among others. Our team has a unique blend of skills that span various practice areas and jurisdictions to help clients deal with cybersecurity issues. We have experience in internet and technology law, legal and regulatory, government regulations, and insurance coverage, as well as established relationships with registrars, internet service providers (ISPs), service providers, and law enforcement.
What We Do
Managing Threats and Attacks
Our Cybersecurity and Privacy team helps manage Internet security and prevent cyber attacks and data breaches through a unique skill set that includes a technical lab and cyber forensic investigators, extensive experience in Internet tracking, and a rapid response team of professionals to deal with current attacks. Our team in the United States also has experience working with the FBI and IT forensic consultants after attacks.
Legal and Regulatory Risk
Our team works with clients to prepare them for data breaches and minimize their potential legal exposure by drafting internal policies and procedures and contractual provisions regarding discovery, investigation, remediation, and reporting of breaches. We also investigate incidents to determine the scope of a breach and analyze what is required under applicable laws. In the European Union, we assist our clients in their notifications to local data protection authorities in case of personal data security breaches, as well as in legal remedies and technical patches they may have to implement and to disclose to said authorities, as well as to their customers or employees.
Government Regulation and Legislation
Our team has significant experience in government regulation and legislation related to data breaches and cybersecurities crimes. For more than 20 years, we have advanced information technology issues before the US administrative branch, regulatory agencies, and Congress. We’re also active in advancing these issues in our worldwide regions. We work to ensure that government cybersecurity standards and mandates are industry-led and technology neutral and we have obtained legislation to broaden and strengthen US criminal penalties for cyber crimes. We led the effort to liberalize export controls on American encryption products and to prevent US domestic limitations on the use of encryption. We also assist our clients in similar initiatives at European and local levels, notably with the European Commission and various Member States.
Insurance Coverage
A complete understanding of a company’s insurance program is key to maximizing protection against cyber risk. Our team is skilled in obtaining coverage for various types of cyber risks, considering the adequacy of existing insurance programs, analyzing new insurance products, and drafting and negotiating cyber insurance policy placements.
Our global Cybersecurity and Privacy team regularly assists clients with:
- Internet safety
- Privacy, data protection, and information management
- Internal policies
- Employment issues
- Data breach responses
- Analyzing breaches
- Investigating incidents
- International data transfers
- Litigating data security breach actions
- Insurance coverage for data security breaches and other cyber risks
- Contracting with customers, service providers, and affiliates
- U.S. SEC disclosures
- Government enforcement actions
- Mergers and acquisitions
Thought Leadership
On 3 December 2024, Judge Amos Mazzant of the Eastern District of Texas issued a nationwide preliminary injunction with respect to the Corporate Transparency Act (CTA), enjoining enforcement of the CTA as well as the implementing Treasury regulations, and staying the 1 January 2025 reporting deadline until further order of the Court.
On 22 December 2020, the U.S. Securities and Exchange Commission (SEC) adopted amendments (the final rule) to Rule 206(4)-1 under the Investment Advisers Act of 1940 (the Advisers Act) to modernize the regulation of investment adviser advertising and solicitation practices.
In the October edition of The Essentials, we summarize key provisions of California employment laws that took effect in 2024 and those that will take effect in 2025.
In this semiannual series on the U.S. Department of Labor's Regulatory Agenda, partners Craig Leen and Kathleen Parker discuss recent updates to the regulatory agenda and what employers should expect in terms of new labor and employment regulations in 2023.