Young pensive policeman or investigator holding criminal profile in hands

Coordinating with authorities after a cyber breach

A cyberattack can lead to numerous problems. For instance, a company might have to pay a significant ransom if their systems and data are locked by a cybercriminal. The perpetrator could gain access to sensitive emails of key personnel or even steal trade secrets. The company might also have to inform various parties such as customers, shareholders, business partners, or regulators that their sensitive data has been compromised. It could even face lawsuits from these stakeholders. On top of that, the company might be scrutinized by state and federal government investigators to evaluate its cyberattack response and prevention measures. When facing a government investigation post a cyberattack, a business should remember the following three points:

  1. Seek the guidance of expert cybersecurity legal advice before responding. In the chaos of a cyberattack, it’s natural for a business to want to respond quickly to government inquiries. However, without legal counsel, this can lead to the unnecessary disclosure of potentially harmful information. A business might unintentionally reveal legally privileged information or details outside the government’s jurisdiction. Legal advice can help manage communication with the government, fielding requests and responding appropriately on behalf of the business.
  2. Cooperation with investigators is critical, but do so wisely. Working in conjunction with legal counsel, a business should cooperate fully with the government investigation. This involves sharing details like indicators of compromise, malware, and other forensic evidence to aid in the investigation and apprehension of the perpetrator. However, cooperation doesn’t mean revealing attorney-client privileged communications or granting unrestricted access to the business’ systems, data, or facilities. It’s about assisting the government while avoiding the release of any information that could be used against the business in terms of liability for the attack.
  3. Be prepared to demonstrate your proactive security measures. The government will likely want to know what preventive measures a business had in place before the cyberattack and what steps are being taken to stop future attacks. This includes the implementation of technical safeguards like endpoint monitoring, antivirus software, and security patches. Businesses should also invest in cybersecurity insurance, keep their written security policies updated, and regularly conduct cybersecurity incident response training. These are standard precautions that all businesses are now expected to have in place in preparation for a cyberattack.

Managing a government investigation following a cyberattack demands a careful and considered approach. Properly handling it can help a business reduce potential liability, risk, and further harm.

Related Articles

Receive our latest insights weekly

That's a great idea and ITLA makes it simple.

Click the button below to schedule a paid one-hour zoom call with an ITLA attorney. 

Dan Liutikas

ITLA Manging Partner
Let's Work Together

Getting Started with ITLA is Simple

Book a Call

Click the book a call button and make an appointment online.

Develop Approach

Create an action plan for a specific matter or your overall legal needs.

Achieve Results

Enjoy exceptional outcomes and protect your org