Michael Ford
Legal Suppliers

Crucial to hire a breach coach following a cyberattack

A breach coach can help businesses take a more holistic approach to cybersecurity emergencies, says Jason Green, principal of Hexigent Consulting, an Oakville-based digital investigations and cybersecurity firm.

Green tells AdvocateDaily.com that cyber insurance policies typically provide policyholders with access to a coach, but he says they’re worth the investment, even when businesses lack that kind of coverage.

“In that first few hours after a breach, they can be crucial in calming things down, because of the understanding and capability they bring to the table,” he says.  

“You can’t just worry about the technical aspect of a breach or the shareholder messaging, or how it’s affecting your stock price. Someone has to be looking at the overall picture and taking all of those things into account. 

“Otherwise, you’re going to be navigating through murky waters, and not from the most informed position,” Green adds.

Breach coaches, who are often lawyers, are appointed to co-ordinate the immediate response following a cyberattack. They will pull together a team to get the target company back on its feet as quickly as possible — often hiring public relations and IT and forensic investigation experts such as Hexigent — as well as notify regulators and potentially affected customers.

“They come with a Rolodex full of contacts and services that you will need,” Green says.

Historically, he says victims of security breaches treated them as purely technical problems.

“Internally, there was probably a great deal of activity, with people running around trying to figure out what happened and how to fix it,” he says.

However, Green says technological and social developments have changed the focus over the last decade, with governments adding regulatory requirements for reporting and keeping records of breach events. At the same time, public awareness of cybersecurity threats and privacy rights has also grown.

“It all happens in the public eye a bit more. Ten or 15 years ago, if you had a problem on Friday night, you had until Monday morning to figure out what was going on. Now, it can be on Twitter within hours,” he says.

“You need someone at the head of the breach response who knows all the aspects that should be considered and can put together a plan to manage it in the best way possible. They’ve been through it all many times before, which can be very valuable when the company has no experience of that kind of event,” Green adds.

That experience allows a breach coach to act as a liaison between management and the various service providers, translating technical information into a language they can understand. Coming from the outside also allows the coach to take a colder look at the situation, without having their view coloured by internal politics, Green says.

“There are many people bringing their findings back to the coach. They can give a very objective and unbiased view of what it means when you put it all together,” he says.

Coaches who are lawyers offer an additional benefit to businesses, Green says, because some of their communications will be protected by solicitor-client privilege.

“That can be incredibly valuable since you never know how things are going to play out,” he says.

They also tend to be up to speed on the latest developments in the constantly changing regulatory arena associated with privacy protection. For example, later in 2018, the European Union’s General Data Protection Regulation (GDPR) goes into effect. It will change the rules governing the processing of personal data and is expected to have an impact well beyond the borders of Europe.

The new regulation also takes an expansive approach when it comes to non-compliance and privacy breaches, with fines for violations capped at the larger of four per cent of an organization’s global turnover, or 20 million euros.

“The law is getting more complicated all the time. A breach coach will know all the details about what your processes should look like,” Green says.

To Read More Hexigent Consulting Posts Click Here
Lawyer Directory
BridgePoint Financial Services Inc.Toronto Lawyers AssociationMKD InternationalFeldstein Family LawLegal Print & Copy Inc.Davidson Fraese Family LawyersJHG Criminal Law/Jordana GoldlistAchkar Law