For companies, responding to security breaches increasingly requires multiple kinds of expertise, from product and engineering to legal and communications. Companies that get their responses right increase their resilience and can strengthen trust with customers. Yet too often, incident response occurs in silos, with infosec teams, corporate counsel, and external relations out of sync on decisions ranging from attribution to risk communications.
On March 15, 2022, CLTC hosted a panel of industry insiders offering a peek under the hood on breaches and how organizations respond to them, with a focus on how the “state of the art” for incident response is evolving, and what breach notification regulations on the horizon will mean for organizations.
The panel included Roselene Gomes, Director of Cyber and Intelligence Solutions for Mastercard; Scott Lindlaw, a Managing Director in the Washington, DC office of Sard Verbinnen & Co. and co-head of the firm’s Cybersecurity and Data Privacy practice; and Marci Rozen, Senior Legal Director in the Washington, D.C. office of ZwillGen PLLC, specializing in cybersecurity and privacy.
The panel was moderated by Will Cooper, who graduated from Berkeley Law in 2011 and is now a vice president of litigation and compliance at Fortinet, an S&P 500 cybersecurity company. Cooper noted that the panel’s inclusion of professionals from the legal and communications side represents the reality of how firms tend to respond to breaches. “In any breach response situation, you’re always going to have a lot of collaboration and coordination among various functional groups,” Cooper noted. “Here we’ve got the legal side with Marci, the product and engineering side with Rose, and the communications side with Scott. Sometimes the decisive factor in an organization’s success in responding to a breach is how that communication and collaboration across the functional groups play out.”
Roselene Gomes noted that the nature of firms’ response has changed as the range of threats has expanded. “Historically, cybersecurity has been a defensive game: the when, where, and how was determined by the attacker,” she said. “Today, we have to go a step further and protect customer data, and that requires a proactive stance to be taken by the organization. That’s where my role comes in: managing those conversations with our B2B customers to help them make sure that cybersecurity and fraud are top of mind.”
Marci Rozen explained that her role is to serve as a “breach coach,” guiding clients through challenges like engaging forensic specialists, managing internal and external communications, and analyzing legal notification obligations. “The very first thing I’m thinking about when an incident comes in is how risky the incident is, from a legal perspective, and whether the client has done anything to either mitigate that risk or heighten that risk,” she explained.
Scott Lindlaw agreed that data breaches are cross-disciplinary events, explaining that his role is to help firms communicate to the public and instill a sense of trust. “A lot of companies think of this as just a legal event or a technical event, but the real issue from our lane is that the goodwill and trust that companies have built up over years or decades can just evaporate in a second.”