Cybersecurity and Privacy
Nearly every company is at cyber risk. With distributed denial of service (DDoS), data security breaches, and other attacks on the rise, addressing and mitigating cyber risk is top of mind among companies across the globe. Reports of high-profile cyber attacks make headlines almost every day, and the headlines confirm the reality: cyber attacks are on the rise with unprecedented frequency, sophistication, and scale. And they are pervasive across industries and geographical boundaries.
In the wake of more frequent and severe cyber incidents, regulators around the world have implemented changes to address these heightened risks. For example the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws and has advised that companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and that appropriate disclosures may include, among other things, a“[d]escription of relevant insurance coverage.” Amid increased exposure to such risks, companies need assistance in handling security breaches and preventing future cybersecurity threats.
Our Practice
From helping clients to assess network/data security and insurance coverage prior to an attack to dealing with the aftermath of an attack, our global cybersecurity team has deep experience to assist clients with all aspects of addressing and mitigating cyber risks. Our capabilities include preventing and deterring attacks, pursuing perpetrators, responding to problems, and helping clients to mitigate risk and loss through insurance.
Our cybersecurity group includes an experienced federal policy team, cyber forensic investigators with extensive experience in successful internet tracking, a rapid response team to handle active attacks, and experienced insurance coverage counsel, among others. Our team has a unique blend of skills that span various practice areas and jurisdictions to help clients deal with cybersecurity issues. We have experience in internet and technology law, legal and regulatory, government regulations, and insurance coverage, as well as established relationships with registrars, internet service providers (ISPs), service providers, and law enforcement.
What We Do
Managing Threats and Attacks
Our cybersecurity team helps manage Internet security and prevent cyber attacks and data breaches through a unique skill set that includes a technical lab and cyber forensic investigators, extensive experience in Internet tracking, and a rapid response team of professionals to deal with current attacks. Our team in the United States also has experience working with the FBI and IT forensic consultants after attacks.
Legal and Regulatory Risk
Our team works with clients to prepare them for data breaches and minimize their potential legal exposure by drafting internal policies and procedures and contractual provisions regarding discovery, investigation, remediation, and reporting of breaches. We also investigate incidents to determine the scope of a breach and analyze what is required under applicable laws. In the European Union, we assist our clients in their notifications to local data protection authorities in case of personal data security breaches, as well as in legal remedies and technical patches they may have to implement and to disclose to said authorities, as well as to their customers or employees.
Government Regulation and Legislation
Our team has significant experience in government regulation and legislation related to data breaches and cybersecurities crimes. For more than 20 years, we have advanced information technology issues before the U.S. administrative branch, regulatory agencies, and Congress. We’re also active in advancing these issues in our worldwide regions. We work to ensure that government cybersecurity standards and mandates are industry-led and technology neutral and we have obtained legislation to broaden and strengthen U.S. criminal penalties for cyber crimes. We led the effort to liberalize export controls on American encryption products and to prevent U.S. domestic limitations on the use of encryption. We also assist our clients in similar initiatives at European and local levels, notably with the European Commission and various Member States.
Insurance Coverage
A complete understanding of a company’s insurance program is key to maximizing protection against cyber risk. Our team is skilled in obtaining coverage for various types of cyber risks, considering the adequacy of existing insurance programs, analyzing new insurance products, and drafting and negotiating cyber insurance policy placements.
Our global cybersecurity team regularly assists clients with:
- Internet safety
- Privacy, data protection, and information management
- Internal policies
- Employment issues
- Data breach responses
- Analyzing breaches
- Investigating incidents
- International data transfers
- Litigating data security breach actions
- Insurance coverage for data security breaches and other cyber risks
- Contracting with customers, service providers, and affiliates
- U.S. SEC disclosures
- Government enforcement actions
- Mergers and acquisitions
Thought Leadership
On 30 January 2024, the US Citizenship and Immigration Services (USCIS) published a final rule (Final Rule) increasing the premium processing fee from US$2,500 to US$2,805, increasing filing fees for I-129 and I-140 employment-based petitions, and imposing a new Asylum Program Fee for each Form I-129 and I-140 filed by employers.
On 3 April 2024, the US Securities and Exchange Commission announced the first settlement with a stand-alone registered investment adviser for, among other things, failures to maintain and preserve certain electronic communications.
On 22 December 2020, the U.S. Securities and Exchange Commission (SEC) adopted amendments (the final rule) to Rule 206(4)-1 under the Investment Advisers Act of 1940 (the Advisers Act) to modernize the regulation of investment adviser advertising and solicitation practices.
On 7 March 2024, the Illinois Pollution Control Board proposed amendments to its Ground Water Quality regulations, which would set standards for selected per- and polyfluoroalkyl substances compounds at or near their levels of detection and would result in some of the most stringent standards in the country.