According to a recent Ponemon Institute/IBM report, the average period of time to identify and contain a data breach is 280 days. Many times, a breach will be detected either from an outside source, or as a result of a more manifest attack. Thus, cyber experts anticipate that, as a result of the COVID-19 pandemic and resulting vulnerabilities arising from organizations’ need to rollout a remote work environment overnight, many organizations’ systems already have been compromised and that those incidents will surface during the fourth quarter of 2020. Given recent decisions in the federal courts, organizations and their cyber counsel need to reconsider how to respond to cybersecurity incidents in order to strengthen the ability to protect data breach forensic reports from discovery in subsequent litigation.

An overarching question many organizations and their attorneys now are asking is whether companies that have sustained a data breach should conduct two separate and independent investigations in order to strengthen privilege claims over investigations managed by outside counsel? In some instances, the answer may be yes.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]