Ransomware Attacks - The SEC, NYDFS and Other Regulatory Trends

Sara Sendek is a Managing Director in the Cybersecurity & Data Privacy Communications practice and a cybersecurity communications expert with more than 15 years of experience in strategic communications and media relations.

Ms. Sendek provides communications counsel on cyber incident response and preparedness measures and has worked on some of the largest cyber incidents in recent years. She has experience navigating a variety of complex cyber incidents involving data theft and extortion, nation-state actors and advanced persistent threats (“APTs”), insider threats and more.

Ms. Sendek previously served as the director of public affairs for the Cybersecurity & Infrastructure Security Agency (“CISA”). In this role, Ms. Sendek oversaw CISA’s media relations operation, played a key role in the 2020 election security efforts, and was a lead in the federal government response efforts to the SolarWinds compromise.

Ms. Sendek also served as the former White House director of rapid response during the Bush Administration and, more recently, spent time on the Aspen Institute’s Commission on Information Disorder. She currently serves as a member of the United States Secret Service’s Cyber Investigations Advisory Board.

Erez Liebermann is a litigation partner and a member of the firm’s Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber incident response matters and on data-related regulatory requirements.

With decades of experience in data issues as a litigator, federal prosecutor and senior in-house counsel at a global financial services company, combined with technical training as an aerospace engineer, Mr. Liebermann regularly advises clients at the C-suite and board level on building strategies to reduce their data-related regulatory and reputational risks, and on navigating high-profile investigations following cyber incidents. He is also widely acknowledged as a leading cybersecurity and data privacy professional and is ranked among the leading lawyers by Chambers Global (2024), Chambers USA (2023) and The Legal 500 (2023). Clients note that he is “very talented” and “one of the most intelligent attorneys, [and] very practical and great to work with.”

Prior to joining Debevoise, Mr. Liebermann co-chaired the U.S. cybersecurity and privacy practice of another international law firm where he advised companies on a broad range of data privacy and cybersecurity issues. Before that, Mr. Liebermann served as Chief Counsel of Cybersecurity & Privacy at Prudential, where he led the company’s legal, regulatory and investigative matters on cyber, privacy, data science and artificial intelligence, including advising the company’s senior management and board. In addition to his role as counsel, Mr. Liebermann built and managed Prudential’s global technical incident response, threat intelligence and threat hunting team.

Before that, Mr. Liebermann spent 10 years investigating and prosecuting global cyber and white-collar crimes as Deputy Chief of the Criminal Division of the U.S. Attorney’s Office for the District of New Jersey. He also served as Chief of the Computer Hacking and Intellectual Property Section, and National Security Cyber Specialist where he led groundbreaking cyber prosecutions, including the largest credit card hacking case charged to date, US v. Vladimir Drinkman et al., relating to hacks into 7-Eleven, JC Penney, Heartland Payment Systems, Hannaford Brothers, Visa, Jet Blue, and others. He also prosecuted a group of individuals for leading a stock pump and dump scheme facilitated by a global botnet. He received the Attorney General’s Distinguished Service Award for the Drinkman prosecution. His cases are featured in numerous television shows and the WSJ podcast, Hack Me If You Can.

In 2023, Mr. Liebermann was appointed by the Chief Justice of the New Jersey Supreme Court to serve on the Court’s AI Committee and is Vice Chair of the Association of Law Insurance Counsel’s Data and Technology Section. He is also on the Department of Treasury’s Cybersecurity Public Affairs Committee. He was formerly a member of the New York State Cybersecurity Advisory Board and was on the Cybersecurity and Policy Committees of the Financial Services Sector Coordinating Counsel. He is an Adjunct Professor at the University of Texas School of Law – Austin, teaching Cyber Incident Response, and a Fellow for the NYU Tandem’s Cybersecurity program.

Earlier in his career, Mr. Liebermann served as a law clerk to Chief Justice Deborah Portiz of the New Jersey Supreme Court and U.S. District Court Judge Faith Hochberg in Newark.

Mr. Liebermann received his J.D. from Columbia Law School in 1999 and his B.S. in aerospace engineering from the University of Virginia in 1996.

Eric B. Gyasi provides proactive and strategic guidance to help clients address cybersecurity enterprise risk management, and he leads clients through the response to security incidents. Eric is uniquely qualified to help clients navigate the legal and business risk issues at the intersection of incident response and cybersecurity regulatory enforcement due to his legal acumen paired with his crisis communications and digital forensics background. A strategic thinker valued for his business-minded judgment, Eric advises boards of directors regarding the duty of oversight related to cybersecurity and the executive management team on compliance with complex regulatory requirements in a risk-informed manner.

Eric shepherds clients through cybersecurity incidents including network breaches, ransomware attacks, wire transfer fraud, business email compromises, financial crimes, corporate espionage and state-sponsored critical infrastructure intrusions. He leads and manages digital forensic investigations; develops and implements tailored cyber incident response strategies; prepares and drafts regulatory, government and shareholder disclosures; and crafts crisis communication strategies.

Eric is an active and engaged thought leader in the cybersecurity and data privacy industry. Designated as a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP), he is frequently called upon to present seminars and CLEs to industry groups on evolving cybersecurity issues and other key digital forensic issues. He is a member of the Sedona Conference and a contributing author to Working Group 11 – Data Security and Privacy Liability.

David Navetta is a prominent leader in privacy, information security and technology law. He has extensive experience counseling clients on novel and cutting-edge data protection issues, including data breach response, cybersecurity risk management, consumer and employee privacy, incident response planning and preparedness, technology transactions, vendor management, board of director advice and consultation, regulatory investigations, litigation and due diligence in corporate transactions. David serves as a "breach coach" on an approved panel for numerous cyber insurance carriers and companies, and he has helped some of the world’s leading corporations to effectively respond to complex data security breaches and protect their enterprise. David’s clients range from startups to large Fortune 500 multinationals across a range of industries, including e-commerce, consumer products, name-brand traditional brick-and-mortar, hotels and hospitality, social media, technology, professional services, healthcare, financial institutions and energy.

David has served as a leader and integral member of a Chambers USA-ranked law firm he co-founded. He is known for his leadership and extensive experience in privacy and data protection law and is recognized by Chambers USA as a leading lawyer for privacy & data security from 2020 – 2023, by Legal 500 USA as a leading lawyer for international litigation and data protection & privacy from 2016 – 2020, as well as by WWL: Data in the area of Information Technology and Data Privacy & Protection. He is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

David’s diverse legal experiences over his career have provided him with a unique perspective and pragmatic approach to enterprise security, including serving as the former US co-chair of Norton Rose Fulbright’s data protection, privacy and cybersecurity practice group; his own entrepreneurial endeavor co-founding InfoLawGroup LLP; former assistant general counsel for AIG’s eBusiness Risk Solutions Group in New York for over three years; former co-chair of the American Bar Association's Information Security Committee and former chairman of the organization’s Contracting & Risk Management Working Group; and former co-chair of PCI’s Legal Risk and Liability Working Group.

David speaks and writes frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.