Inadequate cybersecurity measures can expose companies not only to data breach incidents, but to liability from multiple fronts, including state attorneys general, the FTC and civil litigants. In a recent panel at the Practising Law Institute, Michael Vatis, a Steptoe & Johnson partner, and KamberLaw partner David Stampley discussed the dynamic enforcement and judicial climate in this space, distilling actionable takeaways from recent settlements with state attorneys general, FTC actions including Wyndham, and evolving consumer litigation jurisprudence. The enforcement actions and litigations are instructive for companies seeking to fortify their internal information security and data privacy efforts and guard against the risk of liability in the event of a breach. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).