‘The Legal Issues in Cyber Incident Response’
Jennifer A. Beckage, Esq., CIPP/US, CIPP/E | April 1, 2021
When we think about cyber incident response, we think about detection, analysis, containment, eradication, remediation and reporting. These stages are not just about technical and forensic response, however. Throughout each, legal risks and considerations must also be addressed. It is imperative to focus on gaining technical understanding of what the threat actor did, when they did it, and how to overcome their interference and resulting business interruptions. At the same time, equal focus must be given to examining applicable state and/or federal laws, contractual obligations, and any other potential legal exposures or rights. This can be accomplished while simultaneously managing other aspects of incident response, including cyber insurance carrier updates, public relations, internal communications and, of course, technical response. Working with legal counsel and the organization’s incident response team to answer material legal questions through the phases of incident response often dictates how and when the next phase is handled.