The stakes involved in cybersecurity have never been higher, and there is no reason for them to discontinue increasing in scope and size. More and more, business value is tied to information such as intellectual property and market data. Damages to reputation and consumer trust may be hard to quantify but are potentially fatal. Moreover, the data that is vulnerable to attack is increasingly voluminous, dispersed, mobile and constantly changing. These realities dictate that executives must make cybersecurity a top priority and take their seat at the table along with the technology personnel and others steering the organization’s defense of its digital assets. Given the regulatory implications of cybersecurity breaches and the possibility or even likelihood of ensuing litigation, lawyers also need to reserve a seat at that table.
While a generalized need for cybersecurity measures is broadly acknowledged, the importance of being well prepared to detect and respond to a security breach is often overlooked. This includes executing the necessary steps, including forensically sound preservation and collection, to implement the duty to preserve and collect the electronically stored information (ESI) implicated in the breach. Ad hoc reaction is not a responsible or effective strategy.