Summary

Three Rules for Best of Class Cybersecurity Strategies

Cybersecurity crosscuts information technology, management science, public relations, and law. Developing and implementing a cybersecurity strategy, and responding to a cybersecurity breach is, of necessity, a team effort. Best of class cybersecurity strategies address both technical and legal risk.

The first rule of a best of class strategy is that cybersecurity is not a state – it is a process. Technologies advance daily, as do the abilities of cybercriminals. Cybersecurity strategies need to develop and change in step with the relevant technologies. A strategy that was best of class in 2012 is not best of class today.

The second rule of a best of class strategy is that, because the general nature of the threat is known, and because experience has taught us the potential consequences of the cyberattack, it is possible to plan proactively, and on an ongoing basis. An ounce of prevention is worth a pound of cure. Best of class cybersecurity strategies identify emerging threats and adjust processes and mechanisms accordingly, before the fact.

The third rule of a best of class strategy is that even the best systems can and will fail. An organization can reduce the possibilities of a breach, but never eliminate them. A best of class strategy anticipates and plans for failure. It is ready to react immediately in a way that minimizes loss. A best of class cyber strategy has a tried and tested response plan.

Taken together, these rules demonstrate that best of class cyber security strategies need to manage, respond and remediate

We experienced a significant data security breach in the fourth quarter fiscal 2013 and are not yet able to determine the full extent of its impact and the impact of government investigations and private litigation on our results of operations
— Target Corporation, Securities Exchange Commission Form 10Q, filed March 14, 2014

Publications & Presentations

Publications

Representative Work

BLG litigators act and have acted in some of the most notable cybersecurity cases in the country.

BLG is defending one of the first class actions brought under the “intrusion upon seclusion” breach of privacy tort. The case is likely to be precedent-setting, in what is considered by many observers to be the fastest-growing area for class actions. BLG represents a “Big Five” Bank being sued for the criminal actions of a rogue employee alleged to have breached the privacy of customers of the Bank, which included electronically stored information. The matter will be proceeding to a common issues trial, which will decide novel legal issues, including whether an employer can be vicariously liable for its employees’ breach of privacy.

BLG represented a financial services regulator named as a defendant in a class action regarding the loss of personal information contained on a portable computer. BLG was successful in obtaining the dismissal of the certification on the basis that the representative plaintiff suffered no compensable harm since his personal information was not used fraudulently.

BLG presented a major automobile financing company named as a defendant in a class action regarding the loss of personal information that was stored on a data tape which was lost during transit. BLG was successful in obtaining a dismissal of the certification of the class action on the basis that the representative plaintiff suffered no compensable harm since his personal information was not used fraudulently.

BLG represented a leading Internet search engine named as a defendant in a potential class action (now at the pre-certification stage) on behalf of persons whose electronic data was allegedly transmitted over unsecured wireless internet connection and whose personal information was allegedly intercepted.

BLG represented a New York-based broker-dealer prosecuting an action to obtain emergency injunctive relief against a computer network service provider which refused to provide it with administrative passwords necessary for it to access essential functions such as email and the ability to print.

BLG represented a major automobile financing company named as a defendant in a class action regarding the loss of personal information that was stored on a data tape which was lost during transit. The class action was certified on the basis that the representative plaintiff alleged that his personal information was used fraudulently.​

BLG represents numerous hospitals and healthcare institutions facing potential or actual claims relating to health care information, ranging from small individual breaches and large situations involving loss or theft of data storage devices.