“Strong security should be a standard feature of virtually every technology product, and especially those that support the critical infrastructure that [people] rely on daily.”
– Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Agency

Today’s emerging digital environment is treacherous. Bad actors have proliferated and grown more sophisticated, becoming a persistent and evolving threat. Information technology continues to be integrated into all aspects of our society and IT networks have become more complex and reliant on the software and systems of third-party vendors, who themselves may experience incidents affecting customer data. Artificial intelligence (AI) and machine learning (ML) have presented themselves as important tools with the potential to enhance our world through their use in cyber-defense against increasingly sophisticated and malicious malware, ransomware, and social engineering attacks. However, AI and ML can be double-edged swords when used by hackers for advanced attacks, and other bad actors in the creation of deep fakes and bots, which are already rampantly spreading misinformation. As the metaverse comes more online, it too, will serve as a new area for exploitation. These vulnerabilities increase our risk and may lead to wide-scale or high-consequence cybersecurity events that could harm or disrupt services on which our global economy and peoples’ daily lives depend. In the Morrison Foerster/Ethisphere 2023 Global Crisis Benchmarking Report, many general counsel reported that “Cybersecurity remains top of mind for organizations, with 60% considering it as a top crisis risk.” For both public and private organizations, developing and implementing tailored cybersecurity plans and processes is key to protecting and maintaining operations.

We work with clients to help them be aware of critical cyber risks, prepare for incidents, and take steps to reduce the likelihood and impact of a potentially damaging compromise. We have served as lead counsel on some of the highest profile ransomware attacks and other cyber breaches of recent years, coordinating all response components, including responding to regulatory inquiries and investigations, defending clients in multi-jurisdiction litigation, engaging on public and customer relations issues, advising on contractual obligations and remedies, and working with forensic investigators, credit monitoring firms, and crisis communication professionals to provide an integrated, cost-effective, and seamless response to data security incidents.

In addition to data loss, these incidents raise significant business and legal risks, including damage to brand and reputation, disruption of business operations, and triggering of contractual and regulatory obligations. We have helped Fortune 500 companies and other leading organizations respond to dozens of significant ransomware incidents and have experience with wide-ranging ransomware variants including Akira, BlackCat/ALPHV, LockBit, Conti, Ryuk, REvil/Sodinokibi, WastedLocker, Maze, MegaCortex, Nephilim, SunCrypt, and Harma.

Morrison Foerster is uniquely positioned to provide insights into and counsel on all facets of cyberattack preparedness and response. Our market-leading global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.

Featured Insights

Sign up to receive up-to-the-minute legal and business analysis on the latest privacy and data security topics.