Cybersecurity and Incident Response

Cyber-attacks are extraordinarily complicated and require a broad range of costly responses, including digital forensic preservation and investigation, notification of a broad range of third parties and other constituencies (customers, partners, employees, insurance carriers, etc.), fulfillment of state and federal compliance obligations, possible litigation, working with law enforcement, public relations, credit monitoring fees, crisis management – and the list goes on.

And besides the more predictable workflow, a cyber-attack victim company is exposed to other, even more intangible costs as well, including temporary or even permanent damage to brand and reputation; loss of productivity; extended management drag; and a negative impact on employee morale and overall business performance.

To make matters worse, as opposed to disasters like fires, floods, tornadoes, etc., today’s companies that experience a cyber-attack should not expect any assistance or even compassion from the U.S. government or anyone else. In fact, companies should expect quite the opposite because: 1) the U.S. government is overwhelmed with protecting the nation’s own infrastructure and does not have a SWAT team or a rescue team standing by to assist U.S. companies after a cyber-attack; 2) given the forty-seven or so separate state privacy statutory regimes and a growing range of federal agency jurisdiction (each wielding its own unique set of rules, regulations, statutes and enforcement tools), instead of a helping hand, cyber-attack victims should expect subpoenas, enforcement actions and an onslaught of litigation; and 3) the public’s view of cyber-attack victims has rapidly become not one of understanding but rather one of anger and vilification.

Yet, despite the dire consequences of a cyber-attack, very few companies have on hand the kind of personnel who have the technological expertise, professional experience and sophistication to understand and remediate today’s cyber-attacks and handle the multi-faceted response. That is why companies today, both to prevent future data breaches and to manage a current data breach, partner with John Reed Stark Consulting.

John Reed Stark has the expertise and professional experience to help understand how best to remediate today’s cyber-attacks; to help companies preempt cyber-related crises; and to manage the intricate and multi-faceted fallout from their aftermath. Like any company in a crisis, engaging an independent and objective expert investigator like John Reed Stark not only ensures integrity in the preparation and response, but also creates a defensible record if challenged later on (e.g. by regulators, class action lawyers, partners, customers, etc.).

In addition, by engaging John Reed Stark Consulting via outside counsel or inside counsel, a company not only partners with a seasoned and independent expert to help prevent or manage cyber-related crises, but can also arguably maintain the attorney-client privilege for his reports, communications and certain other investigative documents pertaining to the attack.

Learn More

For more information about John Reed Stark’s capabilities and expertise, review his recent articles and webcasts on cybersecurity and incident response in his Publications and in his blog, entitled Stark on IR. You can also see a few sample webcasts at:

Webcast | How Every GC, CFO and CCO Should Be Preparing for the Inevitable Data Breach

Webcast | What Every GC, CFO and CCO Needs to Know About Data Breach Response

Webcast | Cybersecurity and Financial Firms: Legal Counsel as Quarterback for Data Breach Incident Response

Webcast | Cybersecurity and Financial Firms: Bracing for the Regulatory Onslaught

About John Reed Stark

John Reed Stark, President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; for 11 years as Founder and Chief of the SEC Office of Internet Enforcement; for 15 years as an Adjunct Professor at Georgetown University Law School teaching a law and technology course; for 10 years as a Guest Instructor teaching law enforcement and technology training sessions at the FBI Academy. Worked for over five years as Managing Director (three as head of the Washington, D.C. office) of a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations and regulated entities. Author of The Cybersecurity Due Diligence Handbook.