“Shared Defense is not a choice, but an imperative.”

– J. Chris Inglis, U.S. National Cyber Director

Over the last year, the risk of cybersecurity incidents has grown for governments, companies, non-profits, and other organizations, as the data we store and the devices with access to such data have reached new heights, and as bad actors have proliferated and grown more sophisticated. The risks that organizations face have increased as their IT environments have become more complex and reliant on the software and systems of third-party vendors, who themselves may experience incidents affecting customer data. The war in Ukraine and economic sanctions against Russia have complicated the regulatory landscape as more individuals, groups, and infrastructure are added to global sanctions lists. Cyberattacks have shut down operations across school districts and at colleges, challenged hospitals in their handling of patient information, and triggered disinformation and misinformation about the security of our election systems.

We work with clients to help them be aware of critical cyber risks, prepare for incidents, and take steps to reduce the likelihood and impact of a potentially damaging compromise. We have served as lead counsel on some of the highest profile ransomware attacks and other breaches of recent years, coordinating all response components, including responding to regulatory inquiries and investigations, defending clients in multi-jurisdiction litigation, engaging on public and customer relations issues, advising on contractual obligations and remedies, and working with forensic investigators, credit monitoring firms, and crises communications professionals to provide an integrated, cost-effective, and seamless response to data security incidents.

In addition to data loss, these incidents raise significant business and legal risks, including damage to brand and reputation, disruption of business operations, and triggering of contractual and regulatory obligations. We have helped Fortune 500 companies and other leading companies respond to dozens of significant ransomware incidents and have experience with wide-ranging ransomware variants including BlackCat/ALPHV, LockBit, Conti, Ryuk, REvil/Sodinokibi, WastedLocker, Maze, MegaCortex, Nephilim, SunCrypt, and Harma.

Morrison Foerster is uniquely positioned to provide insights into and counsel on all facets of cyberattack preparedness and response. Our market-leading global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our new Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.

Additonal Insights