Cybersecurity Solutions
Click here for more information about our Cybersecurity Solutions team, and here for more information about our technical and management consultants.
Our team is focused where business leaders are focused—on practical and comprehensive solutions. Our integrated team of lawyers and technical professionals guide your organization end-to-end, from prevention to planning and response to cyber incidents. We work with you to conduct proactive assessments; train your staff; institute policies and procedures; and help you respond rapidly if an incident occurs. This suite of comprehensive services has been crafted to provide what clients tell us they need at every stage. Click here for a more in-depth look at how our lawyers and technical professionals help you:
Assess. Your organization is unique, and so are the issues you face. To help create the right solution, our integrated team of lawyers and technical and risk consultants provides:
• Identification of your threat profile, global legal obligations and risk, and incident and response readiness
• Integrated legal, technical and risk analysis and counseling on industry-specific security and IT risk management obligations, senior leadership duty and care obligations, government procurement requirements, CIFIUS, the SAFETY Act, regulated data handling and other regulatory requirements
Prepare. Planning before an incident occurs is crucial to cyber risk management, which is why we offer:
• Development of enterprise-wide response plans and incident response simulations
• Development and facilitation of tabletops and other forms of incident simulations
Respond. Our multi-disciplinary team of lawyers and technical professionals is there to prevent you from being overwhelmed in the wake of an incident, through:
• 24/7/365 support and counseling
• Management of breach notification, communications and public relations, law enforcement interactions, and vendor and forensic expert identification
Engage. Leveraging our presence in Washington, D.C. and other major policy centers, we help you with:
• Identification of and interaction with the appropriate law enforcement, regulatory, and other government officials
• Facilitation of multi-company interaction on issues relevant to a broad group of stakeholders
Defend. Our seasoned team’s approach to potentially costly and damaging suits is both strategic and pragmatic. We are experienced in navigating:
• Government investigations, enforcement actions, and litigation
Ready, Set, Respond
From their work counseling clients across the globe, our cross-practice team of cybersecurity lawyers is at the forefront of understanding the tools in-house counsel need to navigate the rapidly evolving landscape. We developed Ready, Set, Respond in order to provide clients with practical and accessible perspectives on some of the challenges we know they face, from testing the strength of their incident response plans to practical and readable summaries of cybersecurity developments in key jurisdictions.
Technical and Management Consulting
Cyber Risk Services: Hogan Lovells’ Technical and Risk Management Consulting Services
To provide our clients with comprehensive, timely advice and solutions to your organization’s unique cybersecurity challenges, our dedicated group of technical and risk professionals works side-by-side with our market-leading lawyers. Clients receive tightly integrated and complementary legal and management counsel, creating a seamless experience that is provided under attorney-client privilege.
The technical knowledge and training of our consultants and lawyers allows us to work directly with a client’s IT security team, as well as in-house counsel, with no lost time for “translation” of specialized terminology or concepts. And our experience within, and working with, law enforcement and other government agencies, enables us to counsel and support internal investigations and external interactions with practical, informed advice.
Our technical professionals, consultants, and lawyers work with you end-to-end on planning, preparation, and response issues. In particular, our consultants partner closely with our lawyers on:
• Program development. We evaluate cyber threats; analyze preparedness; review policies, procedures and technical capabilities against best practices; develop policies and procedures for oversight and management of risk; and evaluate vendor cybersecurity practices.
• Incident and crisis response. We develop plans and procedures for investigating and responding to cybersecurity incidents, testing response capabilities, managing the response, providing technical and procedural recommendations, and supporting incident response and investigations.
• Regulatory compliance (HIPAA, ITAR, PCI, NNPI, etc.). We develop policies, procedures, and technical cybersecurity requirements needed to comply with regulations; review existing policies, procedures, and capabilities; and recommend mitigations necessary to comply with regulations.
• Training and Awareness. We evaluate threats from employees and contractors; analyze the capability to protect against inside threats; evaluate internal cultural awareness; and recommend, develop, and deliver cybersecurity awareness and best practices training.
Taking on your cyber challenges
You’ll want to know that the consultants and lawyers you work with have the technical and legal experience to see you through every phase. A few examples of how our integrated team has helped both big and small companies over the years include:
• Technical oversight of third-party forensics report preparation: After a major payment card breach at a leading U.S retailer, our technical consultants reviewed and advised on the scope and conduct of a third-party technical investigation, conducted a technical review of multiple drafts of the forensics report, worked with forensics experts, and helped shape the report’s favorable findings and practical recommendations.
• Summarize complex technical facts in support of legal defense: When a market-leading company suffered a data breach involving more than 50 million records containing sensitive personal information, our lawyers and consultants created a summary of the key legal arguments and a plain-language description of the technical and business facts that supported them, which was then used by the client to prepare its defense and settlement strategy.
• Risk management assessment: We assessed the cybersecurity risk management approach of a major cable and internet services provider. After interviewing the chief information security officer, CIO, COO, and other key stakeholders, we recommended the client adopt a governance framework and approach more aligned with industry standards and legal frameworks.
• Confirm the absence of cyber attackers: Our lawyers helped a leading health insurance company retain a respected forensics firm to conduct a technical scan of the client’s systems. Our cybersecurity consultants participated in the scoping and review meetings and reviewed the resulting report, providing the client with the reassurance that the work performed would help demonstrate, as much as reasonably possible, that all steps had been taken to protect the client’s data and systems.
Experience
• Helped a major retailer coordinate an overall legal response to a card breach affecting over 50 million, including oversight of key forensics investigation and report; acting as lead counsel for internal investigation and regulatory compliance; and counsel to agency investigations.
• Coordinated all legal aspects of a response to a breach at a major health insurer affecting more than 70 million records; served as lead counsel for internal investigation, class action litigation, and response to multiple agency investigations.
• Prepared incident response plan for a large integrated energy company’s 150-person legal department; helped prepare a legal risk analysis in the event of a major breach.
• Prepared company-wide incident response plan for major media and entertainment company; prepared for and participated in senior management tabletop; drafted data classification policy; counseling on law enforcement and information-sharing efforts.
• Counseled a major insurance and financial services company’s audit committee and other senior management reports in the wake of a significant cyber attack; advised on company’s response to attack and led presentation to full board of directors.
• Reviewed a regional bank’s cybersecurity policies and procedures, including results of recent company-wide tabletop exercise, and provided recommendations to general counsel and his team.
• Working with chief information security officer and head of risk, we prepared and led a tabletop exercise involving the most senior management of a large global fashion retailer and wholesaler.
• Counseled a major cable and internet services provider’s general counsel and senior management on the governance and structure of the company’s cybersecurity program; drafted and reviewed cybersecurity policies and procedures; provided them with a strategy for evolving their program.
• Counseled a regulated broker-dealer on design and approach of cybersecurity compliance and risk management; designed and led a tabletop exercise for senior management.
