Cybersecurity & Privacy

Businesses can no longer ignore the potential risk of a cyber-incident and the potential compromise it may have on sensitive data. With cybercrime on the rise, your business needs to be prepared and understand your level of cyber-exposure – as well as how to proceed in the event a cyber-incident occurs.

Inadequate preparation and response are now potentially damaging as the monetary costs associated with cyber-incidents has increased by staggering amounts yearly.  For instance, the FBI reported that cybercrime in the U.S. cost its victims at least $1.4 billion in 2017.  Moreover, it is estimated that worldwide cybercrime costs could exceed $6 trillion by 2021.  Cybercrime has become so profound that Ginni Rometty, IBM’s chairman, president, and CEO has publicly stated:

We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true—even inevitable—then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.


Brooks Kushman’s Cybersecurity and Privacy Practice

For over 35 years, Brooks Kushman has applied ever-changing intellectual property laws and regulations to clients’ cutting-edge computing technology and business processes.  In today’s computer driven world, all businesses handle some form of sensitive data, which, if compromised may have devastating effects on its image in the marketplace.

Our team provides a host of services to assist in developing effective plans to secure your business’ data and to prepare a response plan addressing what should be done in the event of a data breach or other cybersecurity incident. Our experience goes beyond legal matters, with deep technical expertise in information technology to help your company with all aspects of cybersecurity.  We will work alongside your Chief Information Officer, Chief Information Security Officer, and legal personnel to provide guidance regarding all laws and best practices applicable to your company.

For companies that do not have dedicated cyber-counsel, we are prepared to become an extension of your internal team to assist in the establishment of proper protocols. In essence, we are prepared to act as your “Virtual Inside Cyber Counsel” (vICC).


How We Can Assist You

Preventative Assistance:

Our team is prepared to help assess your current cybersecurity/data privacy protocols and business practices.  Such an assessment would include auditing your company’s data utilizing AI-based categorization software.  Our audit is then used to evaluate which state, federal, and international privacy laws may be applicable to your business.

We will assist you in developing a comprehensive incident response plan that ensures your business is complying with applicable laws.  Such plans could include:

  • Assist in drafting an information security policy to ensure employees are aware of their roles and responsibilities in the event of a cyber-incident and to ensure that notification templates are prepared to report any cyber-incident.
  • Assist in drafting necessary privacy policies, including website privacy notices, terms and conditions, and written information security policies.
  • Assist in resolving compliance questions that may arise.

We will work with your cyber-team to tailor a training program to educate your employees to help develop healthy habits making them allies–rather than a chink in your cyber-defense. Training your workforce is vitally important as it is estimated that one-third of all breaches are due to insider breaches.


Penetration Testing:

Our team is prepared to perform penetration testing and security auditing to identify potential vulnerabilities that may be exploited leaving your business open to cyber-attacks.  Working with pen testing experts, we will look for security gaps in your system that could lead to stolen records, compromised credentials, intellectual property loss, exposure of personally identifiable information (PII), cardholder data theft, loss of personal and/or protected health information, data ransom, or other harmful business outcomes. We will then prepare a confidential report that can help mitigate and protect your vital business data from future cybersecurity attacks.


Data Breach Response:

We are available to provide around-the-clock support in the unfortunate event a cyber-incident occurs.  After a cyber-incident, our team will help determine the nature of the breach, the data compromised, and the potential root cause.

We will help you determine whether the cyber-incident requires notification to customers or notification to state, federal, or international agencies.  Lastly, our team is ready to provide litigation support and defense that may be required due to a cyber-incident occurrence.


Cyber-Insurance Assistance:

Cyber-insurance is intended to provide coverage for businesses that electronically transmit and store customer data.  Our team can review existing policies or assist you in obtaining a cyber-insurance policy that adequately covers data and security breaches, cyberextortion, and damage to your reputation due to a cyber-incident.  Our team will work to ensure you have the proper cyber-insurance package needed based on your business’s exposure level.


Merger & Acquisition Assistance:

We will also assist your business to ensure proper cyber-security due diligence is performed during any potential merger and acquisition.  Cyber-security due diligence can be vital during M&A transactions – especially when a previous cyber-incident may have already devalued a target’s digital assets.


Agreement Drafting and Negotiation:

We are also versed in drafting and negotiating cyber-related agreements. We can meet your needs relating to security policies, privacy policies, confidentiality agreements, and other agreements relating to personal identifiable information (“PII”).

  • CCPA Final Regulations Now In Full Effect
    Wednesday, August 19, 2020

    On August 14th, the Office of the Attorney General (OAG) announced the final regulations for the California Consumer Privacy Act (CCPA) had been approved by the Office of Administrative Law (OAL). According to an official press release from Attorney General Xavier Becarra, these final regulations are now in full effect. The...

  • First Data Breach Lawsuit Filed Based On California Consumer Privacy Act
    Friday, February 07, 2020

    In the first-of-its-kind privacy lawsuit, Hanna Andersson and have been accused of violating the California Consumer Privacy Act (“CCPA”).  (Barnes v. Hanna Andersson, LLC, N.D. Cal., No. 20-cv-00812.)  This case is unique because the CCPA just became operative on January 1st, but the complaint relates to an alleged breach...

    • Brooks Kushman Shareholder John Rondini Published in Thomson Reuters Westlaw® Expert Analysis Publication
      Tuesday, April 28, 2020

      SOUTHFIELD, Mich., - Brooks Kushman Shareholder John Rondini was published in a Thomson Reuters Westlaw® Expert Analysis Publication. His article titled “Michigan Auto Dealerships Are At Risk of Cyber Attacks During the COVID-19 Crisis – Here’s How to Combat Against the Threats” discusses the cybersecurity threats facing the automotive industry and...

    • The Countdown Begins on California’s “Internet of Things” Law
      Monday, October 28, 2019

      Gone are the days when your thermostat simply controlled the heater or air-conditioning system.  Nest disrupted this industry when introducing its “smart” thermostat back in 2011.  Fast-forward eight years, and Nest’s thermostat no longer operates alone.  Instead, it is now one of over 25 billion “Internet of Thing” (IoT) devices...

    • Preparing for a potential breach - Tips for creating an Incident Response Plan
      Wednesday, April 17, 2019

      As the adage goes, “security is a process, not a product.” And when—not if—your business encounters a data breach a clearly documented incident response plan will help delineate (1) what steps need to be taken during a breach; and (2) the response team that will handle all aspects of the breach. In...

      • Cybersecurity Insights and Trends for Small Businesses
        Wednesday, March 24, 2021

        It is not a question of “if” your company will be subjected to a cyber-attack, but more of a question of “when.”  And with the cost of responding to a cyber-attack now averaging almost $4 million, small businesses need to ensure they are prepared and ready to respond. During this...

      • 2020 Cybersecurity and Data Privacy Year in Review
        Thursday, January 28, 2021

        This past year we saw a precedential number of changes to the cyber landscape, exacerbated by the COVID pandemic causing incredible amounts of workers and companies to move to a more virtual format of conducting business as well as consumers moving to digital and virtual platforms. These legal changes and...

      • Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
        Tuesday, February 04, 2020

        Changes in the cyber and data privacy landscape continued to have a meaningful impact on companies throughout 2019. Over the past year, there were numerous breaches and cyber-attacks as well as changes in cyber/privacy legislation that significantly impacted all industries. In this webinar, topics covered will include: Major data breaches, including...

      • Technology Licensing Basics - What You Need to Know
        Wednesday, October 09, 2019

        Intellectual property licensing skills for software and other technology have become an increasingly valuable tool for in-house counsel. From licensing software to massive data sets, listen to this webinar to learn what you need to know to draft these sometimes complicated agreements. Speakers discussed what you need to look for when...