Cyber Security

A General Counsel's Perspective

Benjamin Franklin said, “an ounce of prevention is worth a pound of cure,” and his axiom holds true especially when it comes to the General Counsel’s role in preparation for a cyber breach and knowing how to respond to a crisis.

Learn More

While a GC cannot and should not prepare an attack response plan alone, they do have a critical role in ensuring the coordination, defensibility and protection of pre-breach planning and post-breach efforts between all critical stakeholders including the cyber security team, various internal groups such as Finance and Marketing, the Executives and the Board.

One of the critical elements to a breach response plan is to establish the process for how company employees working on data breach preparedness and post-breach investigations perform their tasks.

Employees must be made aware of the importance of attorney-client privilege and work product protections which are critical to reducing risk, unnecessary exposure and financial liability. Preparation for an accurate and transparent information flow is also essential following a breach. GCs need to establish baseline sets of communication guidelines for business critical and urgent communications that includes what can be communicated and how. These guidelines need to consider how these communications might appear to an outside party in any subsequent litigation.


Cost is also a key consideration in the broader discussion regarding a breach. GCs must offer guidance on how to balance the cost of breach prevention and the impact of a breach to a company’s brand, reputation, loss of customer and shareholder confidence with the time, distraction, regulatory fines and costs of lawsuits and settlements which may follow a successful attack.


Over the past few years, we have witnessed cyber security move from a back-office, IT challenge to a high-profile, Board-level issue. Previous experiences of companies whom have been victims of data breaches and were drawn into resultant litigation and government inquiries, have shown that simple but powerful proactive efforts that involve a GC in your incident response plan provide significant protection that should not be ignored. When armed with the right plan to prepare for a breach, GCs will have a solid starting point to help prepare for and mitigate the inevitable.

Just because breaches can and do happen, does not mean the organization cannot be well prepared.