S1 E3 | Cyber Breach Response
Introduction
In episode 3, Angeline Chen and Bodo Meseke provide insights on responding to cyber breaches.
Topics discussed include, among other things:
- What cyber breaches are
- The different types of cyber breaches
- A cyber breach case study
- Suggestions for lawyers and company executives
____________________________________________________________________
Flyers and Resources
Disclaimer
Thanks for checking out our additional content! Additional content was written/prepared by the Host or present/past Georgetown Law team members.
Our Articles may contain references to, or short excerpts from, specific statements in the Compliance & Legal Risk podcast episodes. Please note, to benefit the Article format, in many instances, statements referenced or quoted in an Article may have been edited or shortened, may only focus on one portion of a speaker’s answer to a question or commentary on an issue, or may have had certain interim questions/statements removed. We also repeat certain phraseology in all or many of our articles to aid listeners in comparing articles across episodes and to ensure our listeners have easy access to helpful episode information. For additional context and complete speaker answers, we always encourage you to listen to the full relevant podcast episode!
____________________________________________________________________
Thought Leader Spotlight Series
Angeline Chen and another on Cybersecurity and the False Claims Act
Angeline Chen co-authored a piece with a DLA Piper colleague in May 2019 entitled “Court finds that failure to comply with cybersecurity obligations can create False Claims Act liability”. The piece discusses a court decision and states, among other takeaways:
“Cybersecurity compliance requires a multi-disciplinary team with clearly defined roles and responsibilities. At a minimum, this team should include personnel from IT, Legal, Contracts, and Program Operations. You should also evaluate whether there are other parts of your organization that would benefit from a basic understanding of the requirements and the potential consequences for noncompliance. For example, your company’s Business Development and Human Resources personnel may apply this information when evaluating new contract opportunities or recruiting and managing IT or Contracts personnel. In addition, senior management should assess how best to keep the board of directors apprised of cybersecurity compliance issues.”
Bodo Meseke and others on Cross-Boundary Cyber Threats
Bodo Meseke co-authored a piece with EY colleagues in June 2021 entitled “How do you see more clearly when cyber threats cross boundaries?”. The piece states, among other things:
“From a resourcing perspective, CISOs [Chief Information Security Officers] who can articulate the business case for allocating increased budget to cybersecurity will find it easier to secure the support they need. From a compliance viewpoint, cybersecurity will meet localized requirements through closer engagement across the enterprise. Most crucially of all, CISOs seeking to become strategic enablers and value drivers will succeed if they lead a cybersecurity function that is seen to be working to facilitate business transformation.”
It also offers multiple suggestions, including “[r]eposition[ing] the cybersecurity function as an enabler of transformation, innovation and business growth.”
Bodo Meseke on Managing Cybersecurity Risk
Bodo Meseke authored a piece in May 2020 entitled “How to go beyond a preventive mindset to manage cybersecurity risk”. The piece states, among other things:
“AI tools can be programmed to block threats automatically or outmaneuver them by sending false signals as they gather information. When a new type of malware appears, AI tools compare it to previous forms in their databases and decide if it should be automatically blocked. Machine learning can evolve to recognize ransomware before it encrypts data and can determine whether a website navigates to a malicious domain.”
It also suggests that the “most effective type of threat detection incorporates both AI and humans.”
DLA Piper on Boards, Executives, and Cyber Considerations
DLA Piper put out a piece in August 2021 entitled “Cybersecurity considerations for executives and boards of directors: How recent cyberattack trends and developments inform strategies for reducing cyber-risk”. The piece states, among other things:
“As the costs and sophistication of cyberattacks continue to rise, and as businesses continue to seek ways to streamline operations in response to the evolving COVID-19 pandemic, organizations should continue to monitor cyberattack trends and develop data governance programs. Other cyber-risk management strategies include reviewing organizational controls, developing and improving incident response plans, conducting internal and external security assessments, and training employees on incident prevention and response.”