Cyberattacks and data breaches are rarely constrained by geography. Lex Mundi’s network and resources can help you plan globally, whether it’s for protective or reactive support.
Contact
Annaka Weerts, Manager, Global Markets [email protected]
Building Stronger Defenses – Cyber Readiness Solutions for General Counsel
Cyberattacks and data breaches know no borders. As general counsel, you need a partner you can trust to navigate these challenges with confidence and precision. Lex Mundi and its member firms provide unparalleled expertise and global resources to help you prepare for and respond to cyber threats.
Whether you need strategic guidance or immediate support following a breach, we deliver comprehensive solutions tailored to protect your organization and its reputation. Trust Lex Mundi to be your ally in cyber readiness.
At Lex Mundi, we facilitate access for General Counsel and their teams to over 150 leading independent law firms across the globe. Our network provides access to top-tier local legal advice tailored to the specific needs of an organization’s unique global footprint.
Lex Mundi’s privacy and cybersecurity group provides General Counsel and their teams with the opportunity to network with legal professionals in the cybersecurity space, keep up to speed with emerging trends and develop a fresh perspective on this rapidly evolving area of law. This group offers General Counsel the ability to connect through online resources, in-person meetings and webinars.
Lex Mundi offers virtual introductory roundtables with member firms in key jurisdictions, enabling organizations to identify future vulnerabilities and blind spots, stay ahead of potential threats and connect with industry leaders.
Organizations can develop a structured incident reporting hotline available across regional hubs to ensure immediate and reliable support around the clock.
Regardless of where a cyberattack occurs, Lex Mundi ensures the best local legal support is available through our Global Cyber Response Force.
Access Lex Mundi’s global cyber support through a single point of contact at your preferred firm.
Benefit from streamlined engagement and onboarding processes for local counsel, supported by Project Management Office services. This ensures a cohesive and efficient response to any cybersecurity challenge.
Transparent and competitive pricing allows organizations to manage costs effectively while receiving the highest level of legal support.
By engaging with Lex Mundi and our member firms, organizations benefit from not only legal counsel but also a strategic partner committed to their cybersecurity and overall success.
Global Cyber Response Force contacts
Specialists at Lex Mundi member firms worldwide, our Global Cyber Response Force lawyers are experts in their jurisdictions and will work together to provide you with a comprehensive global response plan.
Building resilience and leading your response
This free report from the 10th annual Lex Mundi Summit in Amsterdam analyses cybersecurity insights and best practice from general counsels at some of the world’s biggest brands. The report focuses on three things:
- Strengthening your resistance to attack
- Preparing your response to crisis
- Accepting and adapting to permanent vulnerability
First steps after a breach
These steps can help mitigate exposure and structure your response to a cyberattack.
Once a cyberbreach has been detected, it must be contained to mitigate the damage and prevent further unauthorized access to or use of personally identifiable information. Ideally, all system and audit logs and evidence will be preserved in the process.
At the same time, the organization must gather details about the breach and assess what information was exposed and who was impacted. While some organizations choose to conduct an investigation in-house, many choose to hire an outside vendor specializing in digital forensics, often under lawyer-client privilege.
A number of countries have laws requiring organizations to notify individuals and/or the government following a data breach. California was the first jurisdiction to enact a broad data breach notification requirement. Most U.S. states and territories now have data breach notification statutes, which typically apply broadly to organizations that acquire, own, or license computerized data including personally identifiable information of individuals who reside within that jurisdiction. Certain U.S. federal statutes also apply to certain types of organizations and protected information (e.g. the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the American Recovery and Reinvestment Act).
These statutes generally require notification to individuals whose personally identifiable information has been or may have been compromised. They may also require that the government be notified, and certain statutes require notification to credit reporting agencies. Typically, notification must be made without “unreasonable” delay, but certain statutes require more prompt notification (for example, California requires notification to individuals within 5 days of detection of a breach for protected medical information). These statutes normally specify the appropriate method of notification, and some statutes describe the content required. If the breach warrants law enforcement involvement, any notification to individuals may be delayed if law enforcement determines the notification will impede a criminal investigation.
A number of individual European countries currently have data breach notification laws (including the Netherlands, which passed a law in January 2016 requiring data controllers to notify the Data Protection Authority of data security breaches). In addition, the European Commission’s ePrivacy Directive established breach reporting obligations for telecommunications service providers, and the General Data Protection Regulation (GDPR) – which becomes effective May 25, 2018 – will extend data breach notification requirements to all organizations (including a requirement to notify the relevant supervisory authority within 72 hours). Canada and Australia have also recently enacted data breach notification laws, but like the GDPR, they have not yet entered into force.
For example, certain U.S. states require covered entities to offer credit monitoring services free of charge for one year to consumers whose personally identifiable information has been exposed in a data breach.
In coordination with the legal response, an organization should carefully consider its public relations response and adopt a press strategy that focuses on providing accurate information quickly.
After an initial analysis of the breach, it will be necessary to fully understand the circumstances of the breach to explain what happened and prevent future incidents. If the organization already has an incident response plan in place, it should be followed (and modified as necessary – no plan survives contact with reality).
Retain outside legal counsel, if necessary, to defend against lawsuits brought by either government or individuals. With the Lex Mundi Global Cyberbreach Rapid Reaction Force, our member firms can help coordinate a prompt, global response.
Lex Mundi is not a law firm, is not engaged in the practice of law and does not act as an agent of any law firm. Although Lex Mundi makes reasonable efforts to keep material on this website current, the information is provided only as general information, which may or may not reflect the most recent legal developments. Therefore, you should not act upon any information on this website without seeking professional counsel.
Thank you to Stewart Baker (Partner) and Claire Blakey (Associate) of Steptoe LLP (Lex Mundi member firm for USA, District of Columbia) for their contributions to the "First Steps After a Breach."