Cybersecurity and data protection are nearly universal concerns for corporations, auditors, financial institutions, consultants and law firms. The financial and reputational costs associated with a significant data breach can be catastrophic.
Our ranks include some of the most highly respected cybersecurity and privacy lawyers in the country, including former Chairman of the Federal Trade Commission Jon Leibowitz and former United States Attorney Neil MacBride, who have overseen a broad range of high-profile and sensitive cybersecurity and data-privacy cases of national and international significance.
Davis Polk is able to harness its longstanding experience in multi-disciplinary crisis management to support our core team of cybersecurity and data-protection professionals. We are uniquely able to assist our clients who have experienced a possible data breach in making disclosure decisions, communicating with regulators and law enforcement, defending civil and regulatory actions, and managing interactions with various vendors, employees, clients, insurers, auditors and the market. We also have deep experience working with cybersecurity firms and communications experts to help clients reduce the risks of, and prepare for, various cybersecurity events, including:
- Working with cybersecurity firms to assess company threats, defenses, policies, procedures and training.
- Identifying data that should be deleted, or protected with enhanced measures.
- Assisting in responding to regulatory inquiries on cyber measures.
- Running tabletop exercises and mock breach drills.
- Drafting and implementing incident response and business continuity plans.
- Establishing contacts in the FBI cyber unit.
- Assessing regulatory and contractual obligations to notify employees, customers, regulators, insurers, auditors and the market in the event of a breach, including the nature and timing of such notification.
- Ensuring that companies have adequate cyber insurance.
- Reviewing vendor contacts to ensure they require appropriate defenses, notification, insurance, and cooperation.
- Determining the appropriate level of involvement by senior management and the Board.
- Ensuring that companies’ public statements, including SEC filings, regarding cybersecurity risks and measures are appropriate.