Attorney/Client » We’ve Been Hacked! Is There A Lawyer In The House?

We’ve Been Hacked! Is There A Lawyer In The House?

Cell phone ringing with urgent message.

February 1, 2022

When a business suspects a cyber incident, the first call is typically not to a cybersecurity firm, PR firm, or even an insurer. “Instead,” says this post from Lawfare, “it is increasingly to a lawyer.” This practice is widely accepted by in-house attorneys, and many cyber insurers even provide policy holders with an 800 number that goes directly to a law firm, according to the writers, who note the process is largely driven by the desire to keep what happened, and any information that comes out of an investigation, confidential under attorney-client privilege.

The writers then make the case that “the distorting effect” of the privilege could be undermining cybersecurity itself in a number of ways. Among them: It triggers an inefficient and sometimes deficient two-track investigation. It incentivises lawyers to withhold forensic reports from insurers, depriving them of information they could use to improve underwriting and advise other policy holders. It may also create a perverse incentive to hire a separate new security firm for the investigation, keeping the firm that provided pre-breach services out of the loop, and that could slow down the investigation at a time when damage from the breach is ongoing and response speed is crucial. Perhaps the most pernicious effect, the authors say, is a an ongoing disincentive to conduct preventive cybersecurity audits or monitoring before any event has occurred.

The parade of potential negatives is alarming, but the authors – a University of Minnesota law professor, a Fletcher School cybersecurity professor, and a postdoc who is researching cyber risk and insurance at the University of Innsbruck in Austria at – are cautious with their conclusions. These issues, they say, “are worthy of more study and attention,” and they would like to be contacted by readers who have had first hand experience with them. Lawfare is published in cooperation with the Brookings Institution.

Share this post:

Find this article interesting?

Sign up for more with a complimentary subscription to Today’s General Counsel magazine.