Whether you own a small privately held company or operate a multinational conglomerate, robust cybersecurity is critical. As data privacy laws and the tactics of cyber criminals continue to evolve, businesses need trusted advisors to guide them through the complex web of compliance obligations, responses to and mitigation of data breaches, investigation, and litigation. Led by Jack Harrington, CMM’s Cybersecurity team offers clients critical guidance on a full range of issues related to data privacy and cybersecurity.

Cybersecurity Policies & Training
Each industry faces a unique set of requirements and needs when it comes to data protection; a one-size-fits-all approach does not work. We help clients identify and meet those needs by drafting comprehensive cybersecurity policies and programs appropriate for their particular circumstances.

We also understand proper training of those charged with carrying out these policies is critical. Therefore, once a strong cybersecurity policy is in place, we work with clients to train their employees and relevant third party vendors on how to effectively put the policy into practice.

Compliance and Breach Prevention; Breach Response, Investigation, and Defense
From the federal HIPAA and HITECH in the healthcare industry to the recent DFS Rule impacting New York companies in the financial sector, our team works with clients to identify the compliance and reporting obligations in their particular industry.

In addition to drafting and implementing the policies to help our clients meet these obligations, we also arm businesses with the tools they need to respond to a data breach should one arise. While working with clients to meet their many obligations in the event of a cyberattack, we also remain focused on minimizing the disruption these events can cause. To that end, we encourage our clients to have legal counsel involved in their cybersecurity efforts before a breach occurs to minimize risk and preserve the attorney-client privilege to the maximum extent possible. We are also equipped to work with the appropriate regulatory and government agencies to investigate and respond to a breach, as well as to aggressively defend our clients in cybersecurity litigation.

In an effort to prevent cyber events from occurring in the first place, we also work with clients to draft and review their contracts with vendors and customers with an eye toward data protection. We also advise buyers and sellers of businesses throughout the M&A process on the cybersecurity implications involved in the deal. We offer practical solutions and guidance to help deals get done in the face of cybersecurity challenges.

Cybersecurity Insurance
With the unprecedented rise in cyberattacks, particularly against businesses that collect and store the personal, medical, or financial data of their customers, businesses are well advised to invest in cybersecurity insurance coverage. However, not all insurance policies are created equal. Our attorneys help clients evaluate their unique risk profile and negotiate key provisions in their cybersecurity insurance policies. We are well versed in the fundamental issues impacting the strength of cybersecurity insurance policies and can effectively analyze the impact of a proposed policy’s exclusions, triggering events, and more on your business.