The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Incident Response Plans

  • From Vol. 3 No.3 (Feb. 8, 2017)

    Key Strategies to Manage the First 72 Hours Following an Incident

    As soon as a company has identified an incident, things suddenly start to move fast and the situation can spiral out of control. Questions need to be answered. Is it a breach? What is the next step? Mishandling that first 72 hours after an incident is detected may have significant ramifications for the company’s bottom line. At the recent IAPP Practical Privacy Series conference, Seth Harrington, a partner at Ropes & Gray, and Brian Lapidus, Kroll’s managing director of identity theft and breach notification, covered the most important actions to take and the mistakes that could be made during this crucial time period. See also “How to Avoid Common Mistakes and Manage the First 48 Hours Post-Breach” (Jun. 22, 2016).

    Read Full Article …
  • From Vol. 2 No.15 (Jul. 20, 2016)

    Checklist for an Effective Incident Response Plan

    A detailed and vetted incident response plan is critical for limiting a cyber attack’s impact – it can ensure regulatory and legal compliance, save resources and decrease the response time. This article outlines: steps to take in advance of drafting the response plan; what to include in the plan; and plan testing measures. For in-depth coverage on the topic, see our three-part guide to developing and implementing a successful cyber incident response plan: “From Data Mapping to Evaluation” (Apr. 27, 2016); “Seven Key Components” (May 11, 2016); and “Does Your Plan Work?” (May 25, 2016).

    Read Full Article …
  • From Vol. 2 No.11 (May 25, 2016)

    A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Does Your Plan Work? (Part Three of Three)

    Many companies recognize that an effective incident response plan can go a long way towards mitigating the consequences of cybersecurity incidents. However, they often make simple mistakes in implementing these plans, largely because they lack a comprehensive strategy to combat persistent cyber threats. In this final segment of our three-part series on the topic, we explore common deficiencies in response plans, challenges companies face when implementing a plan, how to use metrics to troubleshoot and advocate for plan resources, and estimated costs associated with investigating and remediating the inevitable breach. The article features exclusive and in-depth advice from a range of top experts, including consultants, in-house and outside counsel. Part two set forth seven key components of a robust incident response plan. Part one covered the types of incidents the plan should address, who should be involved and critical first steps to take in developing the plan, including references to sample plans and practical resources. See also “Minimizing Breach Damage When the Rubber Hits the Road” (Feb. 3, 2016).

    Read Full Article …
  • From Vol. 2 No.10 (May 11, 2016)

    A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Seven Key Components (Part Two of Three)

    Organizations today face an overwhelming volume, variety and complexity of cyber attacks. Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response plan to effectively and confidently respond to the current and emerging cyber threats. In this second part of our three-part series on the topic, we examine the seven key components of a robust incident response plan, with exclusive and in-depth advice from a range of top experts, including consultants, in-house and outside counsel. Part one covered the types of incidents the plan should address, who should be involved and critical first steps to take in developing the plan, including references to sample plans and practical resources. Part three will explore implementation of the plan, evaluating its efficacy, pitfalls, challenges and costs. See also “Minimizing Breach Damage When the Rubber Hits the Road” (Feb. 3, 2016).

    Read Full Article …
  • From Vol. 2 No.10 (May 11, 2016)

    Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach

    Among the many decisions companies must make following a cyber incident are whether, when and how to engage with law enforcement. At the recent FT Cyber Security Summit USA, experts from Google, CVS Health, the FBI and the Center for Strategic and International Studies gave their advice on interacting with the government, and discussed the responsibilities and priorities of the compliance and legal teams in the wake of an attack. See also “Picking up the Pieces After a Cyber Attack and Understanding Sources of Liability” (Apr. 13, 2016).

    Read Full Article …
  • From Vol. 2 No.9 (Apr. 27, 2016)

    A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: From Data Mapping to Evaluation (Part One of Three)

    Many organizations are coming to terms with the troubling fact that they will fall victim to a cyber attack at some point, if they have not already. An effective incident response plan can be one of the best tools to mitigate the impact of an attack – it can limit damage, increase the confidence of external stakeholders and reduce recovery time and costs. The Cybersecurity Law Report spoke with a range of top experts, including consultants, in-house and outside counsel, who answered some of the tougher practical questions that are typically left unanswered in this area. They shared in-depth advice on the subject based on their own challenges and successes. In the first article of this three-part series, we cover what type of incident the plan should address, who should be involved and critical first steps to take in developing the plan, including references to sample plans and practical resources. Parts two and three will examine key components of the plan, implementation, evaluating its efficacy, pitfalls, challenges and costs. See also “Minimizing Breach Damage When the Rubber Hits the Road” (Feb. 3, 2016).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 3, 2016)

    Minimizing Breach Damage When the Rubber Hits the Road

    When a cybersecurity incident is discovered, a company’s first steps are crucial to minimize the damage. Kirk Nahra, a partner at Wiley Rein, gave candid, practical advice for breach response at the recent IAPP conference. He discussed, among other things, the importance of training employees about breach reporting; how the terms a company uses for a breach may come back to haunt them; when privilege should not be preserved; and how getting all of the healthcare providers and vendors in the country into the Dallas Cowboys’ stadium to streamline their contracts could save billions of dollars. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.4 (May 20, 2015)

    DOJ Encourages Cyber Incident Reporting and Advance Planning with Best Practices Guidance

    Following other government agencies who have weighed in on cybersecurity, the DOJ’s Cybersecurity Unit has published guidance titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” outlining its recommendations for steps to take prior to a cyber incident; how to respond to an incident, including mistakes often made in the chaos following an incident; and effective follow-up actions.  Experts say that while it is nothing new, the document does emphasize the government’s expectations.  The Guidance “reinforces the notion that a ‘check-the-box’ approach to cybersecurity does not suffice.  Companies must implement a thoughtful, robust and effective plan that is tailored to the company’s particular business, risks and operations,” Richard Tarlowe, counsel at Paul, Weiss told The Cybersecurity Law Report.

    Read Full Article …
  • From Vol. 1 No.2 (Apr. 22, 2015)

    Steps to Take Following a Healthcare Data Breach

    The prevalence, size and cost of healthcare breaches is skyrocketing, with hackers gaining sophistication and regulators becoming more active.  It is a rare covered entity that has not had to report a data breach to patients/members and the U.S. Department of Health & Human Services Office for Civil Rights since the Health Information Technology and Economic Clinical Health Act became effective in 2009.  To assist healthcare companies in understanding and responding to data breaches in this regulatory environment, in a guest article, BakerHostetler partner Lynn Sessions discusses: the enforcement climate; the legal definition of a healthcare breach; strategies for handling unsecured personal health information; notification requirements and best notification procedures; activating a breach response team; mitigating the impact of a breach; and what’s next in cybersecurity for the healthcare industry.

    Read Full Article …
  • From Vol. 1 No.2 (Apr. 22, 2015)

    Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps

    The demand for cyber insurance has dramatically increased as cybersecurity incidents, large and small, proliferate and companies scramble for protection.  The market for cyber insurance has been changing in response to this demand, evolving technology, as well as new cyber regulations that are adding to the cost of breaches.  Roberta Anderson and Sarah Turpin, partners at K&L Gates in Pittsburgh and London, respectively, and Peter Foster, Executive Vice President, Privacy, Network Security, Media, Errors & Omissions and Intellectual Property Risk at Willis Group, shared their insights in a recent webinar about the evolution of the cyber insurance market, policy options available, traps to look out for and how to implement an incident response plan to properly trigger most policies.

    Read Full Article …