4 Tips for Involving Legal Counsel in Cyber Security Investigations


Most companies recognize that a cyber attack will require the company to engage outside counsel. But do you know what that engagement should encompass, what role outside counsel should play, or what benefits can be gained by managing the relationship effectively? Trust me – you do not want to discover the answers to these questions in the throes of a crisis. Preparedness is key to successfully managing a cyber security incident.

Here are four considerations for your cyber security plan.

1. Keep the roles of legal counsel and technical or forensic consultants separate.

This sounds obvious, but highlights an important point: There should be a clear division of responsibility between professional forensic consultants and cyber security counsel. Some companies cross these lines and ask counsel to answer questions best directed to forensic consultants, or ask forensic consultants to provide legal advice. Your company will be best served by establishing clear roles for each.

2. Consider the benefits of having counsel engage and direct your forensic consultant.

Any time there is a cyber incident, a company needs to find out the facts – what was compromised, what broke down, and what was the impact. That said, you may not want that information available to an adverse party in litigation, and you do not want your consultants to be afraid to be frank with you. The best way to achieve this is to engage counsel about the potential for litigation, and to retain the forensic consultant to work at counsel’s direction to assist counsel in rendering legal advice. Under federal rules and most state rules, you will have a strong argument that the forensic consultant’s work product is privileged, and that the consultant is a non-testifying expert that cannot be examined by an adverse party in litigation.

3. Have counsel advise management.

Given the financial and public relations impact of recent breaches, top executives and board members will need to be engaged and fully informed about cyber incidents. Good outside counsel will work to translate the technical findings and considerations into business and legal concerns and make it easier for top management to understand issues and make decisions.

4. Engage counsel to help with going-forward strategies.

Once you understand what happened and have “stopped the bleeding,” your company will need to decide how (if at all) your policies and procedures will change. Those decisions have legal ramifications, and your counsel can provide advice that should be taken into consideration along with the advice of your IT group, PR department or other administrative entities.

This list is not exhaustive. You will likely need counsel to evaluate insurance coverage issues, review contracts that might have been impacted by the incident, and monitor document retention issues related to possible litigation, among other things. But if you keep these considerations in mind, and discuss the scope of representation up front, you will be better situated to use counsel more effectively during a time of crisis.



  1. says

    Thanks for the information on involving legal counsel in my cyber security investigation. I’ll be sure to “keep the roles of legal counsel and technical or forensic consultants separate”, as you suggest. Do you have any other tips for me?

  2. says

    I like how you said, “Engage counsel to help with going-forward strategies”. I regularly talk with my lawyer about anything I need. It helps me know exactly what to do if problems arise. Furthermore, I get to learn more about the law. Do most people have a lawyer to rely on?

  3. says

    Good advice for utilizing your attorney during an investigation. You should always consult with them for everything during the process to be sure you don’t make a mistake. They are, after all, the experts. Thanks for the tips.

  4. says

    I think it would be smart to keep the legal counsel and technical consultants separate because they aren’t going to help answer each other’s questions. I think it is smart to keep them separate and use them to answer different questions that you may have.
