Key Steps in Defending Companies Against Cybersecurity Breach Litigation

Download a printable PDF of this article.

As former Federal Bureau of Investigation Director Robert Mueller put it, there are “only two types of companies: those that have been hacked and those that will be.” American businesses are under siege from hackers 24 hours a day, seven days a week, and unfortunately the consequences of suffering a cybersecurity breach have never been higher. Leaving aside the business impacts, companies victimized by a breach frequently face an onslaught of regulatory investigations and private litigation seeking to hold the company accountable for failing to prevent the criminals’ acts. This situation puts companies in the unenviable—and undesirable—conundrum of devoting attention and resources to defending these actions, which can take resources away from the core issue of protecting their network and systems from an attack.

A lawyer well versed in cybersecurity litigation and regulation is therefore a critical asset to all companies collecting personal information. To understand how to defend a company against cybersecurity-related claims, it is first necessary to understand the types of claims that are brought.