When a portfolio company of a fund gets hit with ransomware late one night – facing a demand that will exceed the company’s cyber insurance coverage within two days and force a cash injection from the fund – what does the fund manager do? In this two-part guest article series, Proskauer attorneys Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms and Jonathan M. Weiss tackle this question. Part one of this series set out the issues to keep in mind in terms of immediate incident response and weighing whether to pay the ransom. This second installment reviews the regulatory obligations that arise with any data breach and considers the follow-on steps and consequences of such a breach from a U.S. and U.K. perspective. See “A Look Inside Businesses’ Private Disputes Over Ransomware Costs” (Aug. 18, 2021).