The General Counsel’s Playbook for Working with Cybersecurity Consultants

In today’s business and legal environment, corporate counsel plays a critical role when their company experiences a data security incident. General Counsels (GC) can no longer profess ignorance on “tech stuff” and pass the buck to Information Technology (IT). The frequency, sophistication, and severity of cybercrimes continue to increase. Every enterprise possesses sensitive information. When that information is compromised the door opens to a range of liability issues. Note we wrote “when” and not “if.” Former FBI Director Mueller famously said that “there are only two types of companies: those that have been hacked and those that will be.” Yet much in-house counsel remains unprepared. Like a Little Leaguer stuck deep in the right field, counsel knows they must catch the next data security incident that comes their way, but hope nothing happens.

The best advice? Don’t fret about having to make the big play; prepare and plan your response ahead of time for when the ball comes your way. No one expects a GC to take over the IT department, collect forensic images, extract malware samples from memory, or solve the cybercrime. You will, however, be expected to know the proper steps to take in the event of a compromise, how to find the best help possible, and what pitfalls to avoid. This paper offers practical strategies to better prepare in-house counsel for a data security incident.