Cybersecurity

Overview

From data breach litigation to SEC reporting and corporate governance concerns, to compliance with the growing body of standards and regulatory requirements, it takes a cross disciplinary legal team to help today’s companies become and stay cybersecurity savvy. Dykema has that team.

Our cybersecurity team includes attorneys and public policy professionals from across the firm’s major practice areas who have the collective experience to solve even the most unique and complex challenges in the cyber-sphere. Our team includes both experienced transactional and litigation attorneys. We understand great opportunities and technological advancements come with new risks. We are prepared to help clients embrace the upside benefits while minimizing and managing the downside risks.

Today, cybersecurity is much more than a technology issue. It is a core business concern and one for which every business could use a partner in the know, like Dykema.

Data Breach Litigation

With corporate data breaches on the rise, it is critical to retain a law firm that is skilled in mitigating legal exposure to organizations that are victimized by cyber-attacks. Dykema’s multi-faceted litigation team is experienced in representing clients in all aspects of consumer and trade secret data breach litigation. Whether in the substantive area of cybersecurity and data privacy, with class actions, or investigations, to name a few, our team helps to protect clients from unwarranted lawsuits and to guide them through the process of prosecuting the cyber-criminals.

Privacy Compliance

Nearly every business operating today accumulates and saves confidential information about employees, customers, consumers, clients, patients and/or third-parties. And every business which does so must take care to protect that confidential information.

There are an ever-increasing number of state and federal laws and regulations that address privacy requirements, from those concerned with individual privacy (e.g. patient, client, employee, etc.) to those concerned with matters of national security, crime prevention and civil rights. Chances are—without regard to the nature of a given organization—it is subject to numerous different sets of privacy laws and regulations.

Dykema’s privacy lawyers stay abreast of the many divergent privacy laws and regulations so they can help our clients comply with each privacy requirement that comes into play in their organization. We also closely monitor the laws and regulations that are in the pipeline so we can give our clients a head’s up when a new requirement is going to impact them.

Corporate Governance

Corporate governance plays an integral role in protecting companies from cyber-attacks, as well as in protecting corporate directors and management from liability for their actions or inactions in the event of an attack. Companies need to reconsider the structure of their Board of Directors, management reporting mechanisms, and daily operations in light of cybersecurity and its related legal concerns. In this environment, all businesses can benefit from a knowledgeable partner, such as Dykema, to help them rethink the way they operate—from the top down—so that their entire organization is cyber-safe.

In addition, corporate directors and managers must be mindful of their fiduciary duties in the context of cybersecurity. Does management have a sufficient compliance plan in place? An adequate cybersecurity leadership team? Incident response plan? What about physical security of informational assets? We help companies and leadership think through the operational, as well as legal and policy aspects of the new cyber-way business is conducted today.

SEC Reporting

While the SEC’s current guidance helps to illuminate when cyber-incidents or other cyber-related issues should be reported, exactly when this duty is triggered requires a detailed analysis of many factors. Our attorneys have the experience to weigh these factors and help public companies make these critical decisions.

Cybersecurity Compliance Programs and Risk Management

Cybersecurity compliance in the private sector is here to stay. Both state and federal governments have, or are creating, regulatory schemes, which are not only a challenge to navigate, but—for the foreseeable future—present moving targets. Dykema’s cyber-team stays abreast of these evolving laws and regulations, and helps clients develop, implement, test and update cyber compliance programs so that the C-suite can sleep at night. Dykema also assists clients with state and federal inquiries and investigations to make sure legal risks and vulnerabilities are mitigated.

Cyber-Incident Response

Cyber-attacks and espionage, including theft of intellectual property and trade secrets, undoubtedly pose the biggest threat to many organizations, but they present only part of the picture. Companies are also at risk of litigation from third-parties if their information is breached, not to mention the damaging business disruption caused by a major breach.

Dykema counsels clients on the potential liabilities that flow from the breach itself, as well as those that arise from the inadvertent disclosure of private information. In the event of an actual breach, we work closely with forensic experts investigating the breach and help the client to analyze whether and, if so, how to prosecute the responsible parties and close the security gap through which the attack was made. We also provide counsel on the requirements for notice, reporting, remedial and other actions required or available in the event of a breach and work with public sector entities such as Department of Homeland Security’s (DHS) in connection with it voluntary information sharing program, which promotes information sharing in the event of a cyber-attack to help DHS’s crackdown efforts. And, our experienced litigators are ready and well prepared to represent clients in any subsequent litigation that arises as a consequence of any incident.

Cybersecurity in Transactions

We have substantial experience advising companies how to manage their cybersecurity-related risks in transactions ranging from mergers and acquisitions to outsourcing of information technology functions, as well as guiding clients through all other aspects of such transactions. In this work, we have been on both the vendor and the user sides of the equation and understand each party’s goals and viewpoints well—a key advantage for our clients. We draw on this extensive experience and the perspectives of our diverse team to develop an effective legal strategy that ensures the security of your critical data and advances your competitive position.

We have significant experience representing clients wanting to secure their important informational assets, including in:

  • Assessing and mitigating cybersecurity-related risks in mergers, acquisitions, assets sales and purchases, including assessing existing cybersecurity plan, protecting information assets being transferred, performing due diligence to assess for prior comprise of data, and more
  • Negotiating and drafting licenses, contracts, service contracts, supplier and other agreements, to include provision that safeguard confidential information and allocate risk
  • Negotiating and drafting technology-related transactions, including software licenses and development contracts, website development and hosting agreements and U.S. and international software distribution agreements

Experience Matters

We have:

  • Represented national e-commerce and business services company on investigation and remediation efforts related to theft of consumer personal information via keystroke loggers by Chinese mafia. Representation included interacting and assisting the FBI and U.S. Attorney’s Office’s investigation.
  • Reviewed client’s existing cybersecurity preparedness and response plan to mitigate legal and operational risks.
  • Assisted numerous clients in responding to data breaches by advising on and making required legal disclosures pursuant to state, federal and international law.
  • Negotiated fines with processing bank and credit card company related to security breach.
  • Guided clients through state and federal inquiries and investigations.
  • Audited client’s cyber-compliance in the areas of employee training and policies, privacy, governance, cyber incident preparedness and response, and vendor contracts.
  • Been involved actively in federal cybersecurity compliance and legislative initiatives and have provided substantive input about how the new compliance area will best serve the private sector and clients.
  • Provided advice to clients regarding legal implications of the Cybersecurity Executive Order and provided input on behalf of our clients on the soon to be released federal cybersecurity standards.

Speaking Engagements