With the number of security incidents and data breaches drastically increasing each year, organizations often feel as though they are scrambling to protect their data and confidential information. In 2022 alone, 83% of organizations experienced at least one security incident or data breach, which coincided with a 13% increase in the total number of ransomware attacks from the previous year. Keman Huand, Xiaoqing Wang, William Wei, and Stuart Madnick, “The Devastating Business Impacts of Cyber Breach,” Harvard Business Review (May 4, 2023). Security incidents and data breaches not only pose a security risk but expose organizations to an increased threat of litigation. As a result, enumerated crisis management strategies (from security incident or breach and privilege perspectives) should be fleshed out, vetted, and endorsed, not only to maintain reputation but avoid, limit, and navigate potentially protracted and costly litigation.
This article will: provide a high-level overview of key ways for organizations to prepare for a security incident or data breach (regardless of size and revenue of that organization); and, when such an incident occurs, what an organization must do to not only efficiently navigate the complicated and piecemeal maze of legal, regulatory, and compliance obligations, but also how outside counsel is critical to an organization’s ultimate successful response/mitigation efforts.