Nov. 23, 2022

Six Articles to Help Manage Incident Response Efforts

In organizations' battle against the increase and unpredictability of cyberattacks, a well-prepared incident response is a powerful weapon. This special issue brings you articles from our 2022 archive that provide practical advice on common incident response challenges, such as breach notification, attorney-client privilege, external communications and issues specific to ransomware attacks. We will return with a regular issue on November 30, 2022, after the U.S. Thanksgiving holiday.

1) A New Era of Cyber Incident Reporting and Cybersecurity Regulation

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) creates legal protections and provides guidance to companies that operate in critical infrastructure sectors, including requirements to report cyber incidents within 72 hours and ransom payments within 24 hours. Congress enacted CIRCIA just weeks after Russia’s invasion of Ukraine. In part one of this two-part guest article series, Wilkinson Barker Knauer attorneys parsed important provisions of the Act that the Cybersecurity and Infrastructure Security Agency will shape through the rulemaking process with industry input. In the second installment, the authors examined areas of particular concern to the most significant critical infrastructure sectors, including financial services, communications and energy, and discussed the future of cybersecurity regulation in the United States.

2) Looking Back on the Breach: Fundamentals of Preserving Privilege of Forensic Analyses in the Wake of a Data Breach

Questions of privilege and work-product protection routinely arise in post-breach litigation, especially concerning forensic consultants’ analyses. Plaintiffs target these materials in discovery because they often provide a roadmap to the attack and include details regarding the victim business’s defenses and internal steps taken in response to a breach. Since these issues began to surface in post-breach litigation, courts have grappled with them and reached varying results. In this guest article, Patterson Belknap partner Alejandro H. Cruz and associate Elana M. Stern analyzed the case law and offered five themes that have emerged along with best practices that may help maximize the protection afforded to post-breach forensic analyses in follow-on litigation.

3) SEC Cyber Rules

The SEC has proposed new annual cybersecurity disclosures that promise to launch a new era of obligatory transparency for all public companies. Companies will have to share the ingredients of their cybersecurity programs and governance, allowing the whole world, not only regulatory staff, to judge how seriously a company is addressing cyber threats. Part one of this two-part series detailed how to get ready for the imminent SEC requirement that victim companies rapidly disclose each material cyber incident in Form 8-K filings. The second article looked at how companies could prepare for the Form 10-K standards, including how to establish board and management engagement with cybersecurity and measure the financial impacts of cyber risk.

4) Cyber Crisis Communications – “No Comment” Is Not an Option

Gone are the days when companies can address reports of a cyberattack with “no comment,” said the speakers at the recent International Conference on Cyber Security hosted by the FBI and Fordham University. Especially in the age of ransomware, knowledge of an attack is likely to spread quickly, and companies may have to act swiftly to help control the narrative – and may need to enlist government assistance. This article synthesized the insights offered by a crisis communications panel that included a national security reporter and former FBI and DOJ personnel.

5) Navigating the Interplay of Breach Response and Breach Notification

The hours and days immediately following a cyber incident, especially a ransomware attack, are particularly challenging. Not only is a company struggling to assess damage and get back online, but it might have only a very short time to notify multiple regulators. This article distilled insights offered during a recent Reed Smith program that addressed the ever-evolving data breach and cyber incident reporting landscape and examined the challenges a company faces, and the potential solutions, in the immediate aftermath of an attack, using a hypothetical ransomware attack on a multinational company as a jumping-off point.

6) Ransomware Evolution

The scope and sophistication of ransomware attacks have grown dramatically in recent years, with attacks on critical infrastructure, including Colonial Pipeline, prompting a strong government response. To assist companies in navigating these challenging waters, in part one of our two-part series, we discussed the evolving ransomware threat landscape (including ransomware as a service, the ransom payment calculus and incident response) and addressed challenges and considerations related to responding to an attack. The second article covered the government’s efforts at addressing ransomware and other cyber risks, and the role of cyber insurance.