Key takeaways

  • Utilities are frequently targeted by cyber-attackers because they represent a critical component of infrastructure and are aggregating large quantities.
  • Utilities of all sizes are a target, particularly in view of their increased reliance on data and proliferation of ransomware that can disable or disrupt services.
  • “It is a technical issue, and we have good IT” is not an answer. Even the best IT is vulnerable. Technical assessments alone are insufficient to ensure that a company is protected in view of all legal and business risks.
  • Enlisting a specialized and trusted legal advisor allows a company to tailor its approach in the most effective and efficient way in conjunction with all relevant stakeholders, including technical, legal, and business personnel. Such an advisor can leverage experience to provide a high return of risk reduction with lessons learned and best industry practice.
  • Preparation costs can be recouped quickly in the event of an incident. Proper planning includes training, establishing protocols, and forming relationships without the stress and urgency following an incident. This preparation results in better containment, quicker resolution, and lower costs.

Legal Considerations

Assessments should be done under the direction of counsel. Organizations are routinely addressing attendant legal concerns in insurance, privacy, contracts, evidence preservation, internal investigations, and interactions with regulators and law enforcement.

Benefits of a Cybersecurity Program

Increasingly, companies are expected to be making the security of all of their non-public information a top priority. A relationship with a trusted advisor and the implementation of a Cybersecurity program will provide peace of mind and facilitate rapid and less-costly resolution of incidents when they occur.

Each of the following implicates legal considerations; which services does your organization need?

  • Cybersecurity Insurance Advice
  • Cybersecurity Assessment
    • Current Profile, Gap Analysis, Action Plan
  • Action Plan Implementation
  • Vendors
    • Due Diligence
    • Best Practices for Contracts
    • Auditing
  • Written Policies and Procedures
    • Information Security Program
    • Incident Response Plan
    • Employee Exit Procedures
    • Privacy/Social Media Policies
  • Training
    • Training Plans and Materials
    • Learning Management Programs
    • Classes, Hands-on Instruction
    • Tabletop Exercises / Incident Response Preparation
  • Response and Investigative
    • Incident Response
    • Internal Investigations
    • Managing Forensic Consultants
    • Breach Notifications
    • Liaison with Regulators, Law Enforcement