Lessons lost: how lawyers undermine cybersecurity investigations
Co-hosted with the Luddy School and the Hamilton Lugar School
Attending in person? In-person lunch registration
Not attending in person? Livestream
Lawyers lead the investigations for many cybersecurity incidents, ranging from data breaches to ransomware, in part because they can often shield any materials produced after a breach from discovery under either attorney-client privilege or work product immunity.
Moreover, by limiting and shaping the documentation that is produced by breached firms’ personnel and third-party consultants in the wake of a cyberattack, attorneys can limit the availability of potentially damaging information to plaintiffs’ attorneys, regulators, or media, even if their attorney-client privilege and work product immunity arguments falter.
This talk draws on a project involving over sixty interviews with a broad range of actors in the cybersecurity landscape—including lawyers, forensic investigators, insurers, and regulators—to explore the impact of legal leadership on cybersecurity investigations and reveal how, in their zeal to preserve the confidentiality of incident response efforts, lawyers may sometimes undermine the long-term cybersecurity of both their clients and society more broadly.