Businesses can no longer ignore the potential risk of a cyber-incident and the potential compromise it may have on sensitive data. With cybercrime on the rise, your business needs to be prepared and understand your level of cyber-exposure – as well as how to proceed in the event a cyber-incident occurs.
Inadequate preparation and response are now potentially damaging as the monetary costs associated with cyber-incidents has increased by staggering amounts yearly. For instance, the FBI reported that cybercrime in the U.S. cost its victims at least $1.4 billion in 2017. Moreover, it is estimated that worldwide cybercrime costs could exceed $6 trillion by 2021. Cybercrime has become so profound that Ginni Rometty, IBM’s chairman, president, and CEO has publicly stated:
We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true—even inevitable—then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.
Brooks Kushman’s Cybersecurity and Privacy Practice
For over 35 years, Brooks Kushman has applied ever-changing intellectual property laws and regulations to clients’ cutting-edge computing technology and business processes. In today’s computer driven world, all businesses handle some form of sensitive data, which, if compromised may have devastating effects on its image in the marketplace.
Our team provides a host of services to assist in developing effective plans to secure your business’ data and to prepare a response plan addressing what should be done in the event of a data breach or other cybersecurity incident. Our experience goes beyond legal matters, with deep technical expertise in information technology to help your company with all aspects of cybersecurity. We will work alongside your Chief Information Officer, Chief Information Security Officer, and legal personnel to provide guidance regarding all laws and best practices applicable to your company.
For companies that do not have dedicated cyber-counsel, we are prepared to become an extension of your internal team to assist in the establishment of proper protocols. In essence, we are prepared to act as your “Virtual Inside Cyber Counsel” (vICC).
How We Can Assist You
Our team is prepared to help assess your current cybersecurity/data privacy protocols and business practices. Such an assessment would include auditing your company’s data utilizing AI-based categorization software. Our audit is then used to evaluate which state, federal, and international privacy laws may be applicable to your business.
We will assist you in developing a comprehensive incident response plan that ensures your business is complying with applicable laws. Such plans could include:
- Assist in drafting an information security policy to ensure employees are aware of their roles and responsibilities in the event of a cyber-incident and to ensure that notification templates are prepared to report any cyber-incident.
- Assist in drafting necessary privacy policies, including website privacy notices, terms and conditions, and written information security policies.
- Assist in resolving compliance questions that may arise.
We will work with your cyber-team to tailor a training program to educate your employees to help develop healthy habits making them allies–rather than a chink in your cyber-defense. Training your workforce is vitally important as it is estimated that one-third of all breaches are due to insider breaches.
Our team is prepared to perform penetration testing and security auditing to identify potential vulnerabilities that may be exploited leaving your business open to cyber-attacks. Working with pen testing experts, we will look for security gaps in your system that could lead to stolen records, compromised credentials, intellectual property loss, exposure of personally identifiable information (PII), cardholder data theft, loss of personal and/or protected health information, data ransom, or other harmful business outcomes. We will then prepare a confidential report that can help mitigate and protect your vital business data from future cybersecurity attacks.
Data Breach Response:
We are available to provide around-the-clock support in the unfortunate event a cyber-incident occurs. After a cyber-incident, our team will help determine the nature of the breach, the data compromised, and the potential root cause.
We will help you determine whether the cyber-incident requires notification to customers or notification to state, federal, or international agencies. Lastly, our team is ready to provide litigation support and defense that may be required due to a cyber-incident occurrence.
Cyber-insurance is intended to provide coverage for businesses that electronically transmit and store customer data. Our team can review existing policies or assist you in obtaining a cyber-insurance policy that adequately covers data and security breaches, cyberextortion, and damage to your reputation due to a cyber-incident. Our team will work to ensure you have the proper cyber-insurance package needed based on your business’s exposure level.
Merger & Acquisition Assistance:
We will also assist your business to ensure proper cyber-security due diligence is performed during any potential merger and acquisition. Cyber-security due diligence can be vital during M&A transactions – especially when a previous cyber-incident may have already devalued a target’s digital assets.
Agreement Drafting and Negotiation:
We are also versed in drafting and negotiating cyber-related agreements. We can meet your needs relating to security policies, privacy policies, confidentiality agreements, and other agreements relating to personal identifiable information (“PII”).
BK Cyber and Privacy Packages
Since the needs of every business are unique, we are ready to provide whatever level of support you may need. We also offer the following bundled packages that provide different levels of year-round coverage.
|Small Enterprise||Medium Enterprise||Large Enterprise|
|$3,000/month or $33,000/year||$6,000/month or $65,000/year||Call for Pricing|
|Cyber-Incident Response Planning||✔||✔||✔|
|Privacy Compliance Assistance||Annual||Biannual||Unlimited|
|Cyber-Insurance Policy Review||Annual||Biannual||Unlimited|
|Privacy Data Classification||✔||✔|
|Penetration Testing||Every 3 Years||Every 2 Years||Unlimited|
|Social Media Security & Digital Risk Monitoring||✔||✔|
|Data Breach Response||72-Hour Response Time||72-Hour Response Time||24-Hour Response Time|
|Executive Cyber-law and Liability Training||✔||✔||✔|
|Cyber-security Awareness Training||✔||✔||✔|
|Agreement Drafting and Review||✔||✔|
As the adage goes, “security is a process, not a product.” And when—not if—your business encounters a data breach a clearly documented incident response plan will help delineate (1) what steps need to be taken during a breach; and (2) the response team that will handle all aspects of the breach. In...