October 25, 2023

Understanding the Costs of Incident Response: Counsel + Litigation

When an organization faces a cybersecurity incident, the immediate concerns often revolve around investigating the breach, mitigating the damage, and getting IT services back on track. However, there's a hidden cost that lurks beneath the surface - legal expenses. In this blog, we will explore the nuances of counsel and litigation costs in incident response and why they should be an integral part of an organization's cybersecurity planning.

From the start, specialized attorneys and law firms play a pivotal role throughout the response process. Often called privacy counsel or “breach coaches,” these specialists help organizations handle intricate risks and obligations that in-house counsel may not be equipped to tackle. External legal teams provide several essential services during a response effort, including:

Attorney-Client Privilege: Engaging service providers through external counsel may protect incident-related communications and documents with attorney-client privilege. This legal safeguard helps shield misleading or potentially damaging material from discovery processes in downstream legal proceedings. But this privilege umbrella is not automatic! Teams should carefully follow counsel’s guidance for written communications and document production.

Navigating Legal Obligations: Law firms commonly support dozens, if not hundreds,] of data breaches and cyber-attacks each year. This experience helps external counsel navigate regulatory and contractual obligations across the complex landscape of jurisdictions and verticals. In-house counsel are not likely to be as familiar with current regulator expectations and how best to shape a technical response effort to support them.

Communications: Careful communication strategies are critical during an incident. Expert counsel can help shape effective comms strategies for internal and external stakeholders without introducing new risks. They may engage specialized public relations companies to work at their direction and often coordinate mandated notifications.

Stakeholder Liaison: Expert counsel are often effective liaisons for clients that need to balance response efforts with engaging third parties like law enforcement, insurance providers, and business partners. Counsel can support third-party needs without disrupting sensitive response efforts and can help victims understand what third party support they can realistically expect.

Litigation support: Unfortunately, legal costs don’t stop with the technical response effort. The meteoric rise of cyber extortion attacks, coupled with ever more rigid and complex data breach regulations, is fueling a surge in data breach litigation. Litigation can extend the already lengthy tail of incident response costs and many organizations find themselves dealing with legal engagements for months or even years after the incident.

Just like business interruption costs discussed in our last post, legal costs scale with the size and complexity of the incident. In fact, larger incidents may require engaging multiple law firms with niche material or jurisdictional expertise. Contemplating legal costs and challenges should be part of every organization’s incident response plan. Organizations should understand the legal providers and services covered by their cyber insurance policy and spend time focusing on data governance to get ahead of costly notification obligation surprises.

After a breach, organizations may find themselves navigating uncharted legal territory, where the potential for litigation looms large. Seasoned legal cybersecurity specialists can help navigate the intricate web of legal obligations and minimize the impact of litigation. Engaging expert counsel should not be a back-end afterthought; it's a front-end strategy that can protect victim organizations’ reputation and save them from costly missteps.

 << Previous Post                      Next Post: Security Controls

Need help now? Contact us at ask@moxfive.com or on our website and talk to one of our technical advisors.  

James Gimbi

James Gimbi brings over ten years of breach response, cybersecurity strategy, and public interest technology experience to MOXFIVE. He investigated state sponsored and criminal cyber attacks across defense, finance, healthcare, and government and advanced bipartisan privacy and technology initiatives as a policy advisor in the US Senate. James's blended expertise helps corporate and federal leaders reduce cyber risk and tackle complex threats.

Experts predict there will be a ransomware
attack every 11
seconds in 2021.
from Cybercrime Magazine
Our mission is to minimize the business impact of cyber attacks. 


Incident Response

MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.

Learn More

Business Resilience

With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.

Learn More