Cyberattacks have become big business, from the standpoint of both the attackers and attorneys pursuing liability compensation from corporate attack victims. Threat actors range well beyond hacker cults of old, now including sophisticated state actors, large businesses organized for the very purpose of cyber breach and theft, and complex threat networks that aggregate information formerly treated as innocuous. Ransomware is changing the state of cyber insurance, and both National and State regulations across the globe are entering the field to govern the conduct of business victims in this climate, both in terms of ransom payments themselves, and subsequent obligations to persons whose information goes out the pipes. Breaches, in short, are now a ubiquitous part of the multinational business landscape, and failing to test system vulnerability can present existential risk to any global business organization. We’re joined by attorney and cybersecurity expert Kari Rollins to discuss what companies can, and in some cases must, do to prepare for a potential cyber attack.

Kari M. Rollins is a partner in the Intellectual Property Practice Group and an Office Managing Partner of the Sheppard Mullin New York office. Kari focuses on data privacy and data security, and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, retail and fashion, food services, hospitality, manufacturing, and technology industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums.

What We Discussed in This Episode:

• What are 5 truisms companies should understand when evaluating cybersecurity or data breach risks?
• Are there certain types of businesses that are at greater risk for attacks?
• How can you best understand and abide by your security and privacy obligations as a business?
• Regardless of the systems in place, how can companies account for human error?
• Why training, auditing, and compliance with cybersecurity standards should be part of any incident response plan?
• What are some of industry-specific audit and compliance obligations?
• How can you prepare your “cybersecurity story”?
• Can there be more than one threat actor involved in an attack?
• What are several preparedness steps to avoid modern developments in ransomware?
• For companies that are attacked, how can they make proper payment in order while avoiding further attacks?

Contact Information:

Kari’s Sheppard Mullin attorney profile

Thank you for listening! Don’t forget to SUBSCRIBE to the show to receive every new episode delivered straight to your podcast player every week.

If you enjoyed this episode, please help us get the word out about this podcast. Rate and Review this show in Apple Podcasts, Stitcher Radio, Google Podcasts, or Spotify. It helps other listeners find this show.

Be sure to connect with us and reach out with any questions/concerns:

LinkedIn

Facebook

Twitter

Sheppard Mullin website

This podcast is for informational and educational purposes only. It is not to be construed as legal advice specific to your circumstances. If you need help with any legal matter, be sure to consult with an attorney regarding your specific needs.