Our Cybersecurity team proactively manages your cybersecurity risk to protect brand and reputation.

Building cybersecurity and breach preparedness.  We work with in-house legal departments, IT/InfoSec teams, C-suites, and boards of directors on a host of proactive measures to improve preparedness and to effectively manage cyber-risk, including building data security governance and regulatory compliance programs, developing incident response plans and procedures, and conducting tabletop exercises and management training – in both enterprise-wide and product/service-specific contexts.  We are also active in coordinating industry cybersecurity and threat information-sharing strategies.

Orrick Cybersecurity Incident Hotline

Responding to cyberattacks and breach incidents.  A cyberattack or security breach requires a coordinated and effective response. We have deep experience across all facets of these bet-the-company events, having handled hundreds of sensitive cybersecurity incidents across industry sectors, threat actors and threat vectors. We position clients to move past incidents as efficiently as possible with minimal impact to operations and brand, and with an enhanced security posture for the future. Our practice covers the following key actions:

  • directing physical and IT forensics investigations to identify and determine legal obligations efficiently while maintaining confidentiality/privilege;
  • advising on regulatory and contractual data breach notification requirements across the globe, including in the U.S., EU and Asia;
  • counseling executive officers and boards on corporate governance and fiduciary responsibilities related to managing cybersecurity risk and in the wake of a cybersecurity incident;
  • coordinating with domestic and international law enforcement agencies;
  • representing clients in government investigations before the state and federal regulators, and non-U.S. data protection authorities;
  • defending clients in parallel proceedings, including civil class actions and arbitrations, and shareholder derivative litigation;
  • managing insurance recovery for incident response costs, breach notification, legal fees and defense of claims, helping clients procure comprehensive coverage and comply with requirements for cyber-insurance coverage and maximizing their recovery;
  • advising on SEC public disclosure requirements;
  • advising on public relations and media strategy; and
  • executing “active-defense” strategies and pursuing affirmative claims against criminal actors responsible for the incident.

Cyber insurance recovery.  Clients need dedicated coverage counsel experienced in data breach claims, who can anticipate and maximize recovery efforts. We have led insurance recovery efforts for some of the largest and most complex data breaches in history, including the Sony PlayStation breach and the Premera health care breach. Our practice focuses on policy holders, and we evaluate, negotiate and procure appropriate cyber-coverage, taking into account emerging technologies and developments in the insurance marketplace.

Insights

Events

News

Recognition