Representative Cases for Cyber Liability Litigation and Counseling

The hacking into data systems and the misuse of data, including by the rerouting and theft of funds, has unfortunately become commonplace.  Our cyber practice stands ready to assist clients in reducing the risk of data breaches and responding to breaches if they occur.

One focus of the practice is on the obligations imposed on law firms to secure the confidential information of their clients.  Like financial service companies, law firms routinely store highly confidential information on their computer systems, making them a favored target for hackers.  It has been reported that approximately one in four law firms has experienced a breach due to a hacker, website attack, or lost/stolen computer or smartphone.   The FCC has noted that, while larger companies are taking steps to secure their systems, smaller businesses have become easier targets for cyber criminals. Indeed, virtually every company is at risk of a cyber attack.

To date, there is only limited statutory, regulatory or case law addressing the obligations of attorneys and other professionals to prevent cyber hacking.   Many jurisdictions require that attorneys and other professionals make reasonable efforts to ensure the confidentiality of client information by implementing safeguards to prevent access or disclosure to unauthorized third parties.  Some, like Pennsylvania, provide a “safe harbor” for covered entities that promulgate a cybersecurity policy covering a range of issues, including information security, data governance and classification, asset inventory and device management, access controls and identity management, business continuity and disaster recovery planning and resources, systems and network security and monitoring, and incident response.

In the wake of increasingly more frequent and severe cyber incidents, regulators have responded to address these heightened risks. For example the SEC’s Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws and has advised that companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and that appropriate disclosures may include, among other things, a “[d]escription of relevant insurance coverage.”  Amid increased exposure to such risks, companies need assistance in handling security breaches and preventing future cybersecurity threats.

We can help clients navigate through the “layers” of protection that any business can implement in order to better protect against hackers.  Some of the safeguards include installing (additional) anti-virus/anti-malware software on computer systems, encrypting communications that are sent internally and externally, backing up data to servers inaccessible to the public and/or employees, and maintaining unique usernames/passwords.  Although implementing several layers of protection can make it difficult for hackers to breach a computer system, none of these precautionary steps can guarantee that hackers will not access confidential information.  Nevertheless, such protective measures may defeat a claim by a cyber victim.

We help clients navigate the emerging legal landscape.  From helping them to assess network/data security and insurance coverage prior to an attack to dealing with the aftermath of an attack, our cyber team stands ready to assist clients with all aspects of addressing and mitigating cyber risks. Our capabilities include reducing the risk of attacks, responding to attacks, defending actions brought by cyber victims, and helping clients to mitigate risk and loss through insurance.