Imagine a hacker infiltrated your website; the names, contact information, credit cards and social security information of every customer (and/or employee) are now being sold on the cyber-crime black market. Your website is no longer accessible, your overall reputation is tarnished and your company may possibly never recover. This has been the reality for many businesses. The “risk mitigation” steps to avoid these events are where the focus really needs to be placed. Buying insurance, while nice, will not insulate the Company from all the “nasty” things that will likely occur from a data or privacy breach.
Do you know what to do if you were to become the victim of a cyber attack? There really needs to be a good plan for the Company to use to 1) control the public relations risk; 2) preserve evidence and; 3) appoint an immediate and informed “quarterback”
The recent WSJ article “Blunting the Cyber Threat to Business” that appeared earlier this week advocates the use of qualified counsel as the “quarterback” – we agree from a number of viewpoints. First, it is preferable to have a firm familiar with the legal aspects of risks that may be impacted, second we like the idea of preserving attorney-client privilege and third, we want to be sure NOTHING is done which could be construed to exacerbate the issue (emails internally or externally, deleting ANYTHING etc). In the midst of a claim or crisis even the most innocent action can be misconstrued.
The first step is to embrace those areas in which the Company can be exposed to a data/privacy breach. Understand the exposure areas, what the (potential) financial impact can be and how best to frame a program to mitigate the risk and the financial impact – surely buying insurance fits into that strategy.
Feel free to contact our Managing Principal, Albert Sica, at 732.395.4251 ([email protected]) if you would like to talk through a risk mitigation strategy and what the “next steps” are.
