It’s 3:00 a.m. You’re fast asleep, having a great dream about how your company’s stock price is up 50 percent in one day because you just won a bet-the-company litigation against your main competitor, your outside legal budget came in at 60 percent below forecast, and the General Data Protection Regulation has just been repealed—when the Plants vs. Zombies ringtone on your smartphone goes off. It’s your chief information officer. “Oh, [insert favorite expletive]!” you say to yourself. Before you even pick up the phone, you know what’s happened: Your company’s been the victim of a cyberattack.
By now, everybody’s familiar with the saying, “It’s not a matter of if you will be the victim of a cyberattack; it’s just a matter of when.” But for the good general counsel who’s used to taking things one step further, the saying now has to be, “It’s not a matter of when you are attacked; it’s what you do when you are attacked that matters.” What we hope to accomplish with this article is to provide you with a high-level framework to address that issue, as well as offer some practical steps that you can take not just to respond to cyber breaches but also to help prevent and detect them quickly.