Cyber Incident Response

  • Cyber Incident Response Counseling and Breach Coaching
  • Cyber Incident Response Plans, Playbooks and Related Policies
  • War Games and Tabletop Exercises

Skadden's Cybersecurity and Data Privacy Practice has handled some of the most significant cyber incidents on an international scale, and has counseled companies on major cyber breaches and incident preparedness across virtually every industry, including financial, health care, real estate, transportation, energy, chemical, defense and aerospace, telecommunications, tech and hospitality. With more than 60 lawyers globally, our Cybersecurity and Data Privacy Practice is a one-stop shop for companies’ most pressing cybersecurity challenges. We advise victims of state-sponsored cyber activity, ransomware and other cyber extortion attacks, as well as breaches of health information, sensitive government information, intellectual property and personal data.

Market leaders. We are recognized as go-to counsel and breach coaches to Fortune 500 companies, stepping in to serve as cyber counsel and incident commanders when companies face ransomware or other disruptive cyberattacks. Drawing on our extensive experience across our worldwide platform, our global team manages the full spectrum of high-profile cyber and data privacy threats and incidents, often of a cross-border nature.

Dedicated service, 24/7/365. Our team is ready at a moment’s notice to help companies navigate potentially catastrophic, increasingly sophisticated cyber threats. As seasoned “breach coaches,” we handle time-sensitive, high-profile attacks by executing a battle-tested process to investigate the incident, limit its harm and command the response team’s efforts to mitigate the company’s legal, business and reputational risks. Our unified efforts are tailored to the client’s size, cybersecurity maturity and existing processes; the incident’s nature and scope; and the needs of customers, business partners, vendors, regulators and law enforcement officials across the globe.

Swift, coordinated action. Our ability to quarterback a crisis management plan is crucial when responding to a cybersecurity incident, which may require the help of forensic investigators, e-discovery professionals, threat actor negotiators, crisis communicators, asset recovery service providers, managed service providers and numerous other parties. Skadden’s approach of quickly assembling and orchestrating collaborative teams of advisers is key to our successful track record on behalf of clients.

Practical insights. Skadden lawyers have served at the highest levels of the U.S. government, gaining experience that is extremely useful in managing and investigating complex cybersecurity incidents. This background is essential to our ability to craft and orchestrate a response plan that carefully considers government officials’ incident notification expectations and enforcement and prosecutorial objectives.

Streamlined insurance process. Leveraging Skadden’s strong relationships with the insurance industry, we work with providers throughout the incident lifecycle to facilitate the insurance process.

Delivering Comprehensive Cyber Incident Guidance

Skadden provides end-to-end support during the incident response with the help of a trusted network of experts, including by:

  • Preserving legal privilege and other protections through a tiered method that includes overseeing communication channels and retaining independent experts to maintain the confidentiality of sensitive information in the event of future litigation or enforcement proceedings.
  • Investigating the incident, in collaboration with internal and external stakeholders, with an eye toward fully understanding the attack’s scope and impact and ensuring that the investigation is conducted in a legally defensible manner.
  • Ensuring effective communication with the media, vendors, customers, regulators and internal staff, by helping to manage communication lines and maintain clear, consistent messaging, to minimize the possibility of legal or reputational risk.
  • Identifying notice obligations and coordinating notifications under relevant statutory, regulatory and contractual frameworks and managing the increasingly demanding, intricate and often conflicting notification processes across jurisdictions.
  • Documenting facts and actions, carefully tracking everything from who learned of the incident and when, to the steps the company took to respond, under what can be highly unpredictable, high-stakes and complex circumstances.
  • Incorporating lessons learned into cybersecurity preparedness policies and programs.

Ensuring Cyber Incident Preparedness

Our attorneys work with boards, C-level executives and management teams to identify, assess and prepare for cyber risks before a ransomware attack or other breach occurs, by:

  • Developing custom incident response plans and cyber legal playbooks to implement throughout the organization, including a robust governance framework.
  • Conducting gap assessments to identify weaknesses and ensure the company’s current practices are in line with cybersecurity best practices.
  • Developing and facilitating realistic cyber “war games” and tabletop exercises to assess and enhance the organization’s level of preparedness and resilience for an actual incident and inform potential updates to its incident response plan and playbook.
  • Collaborating closely with insurers, drawing on our extensive experience with leading cyber insurance brokers and carriers, to support clients as they prepare for and respond to cyber incidents. 
Learn more about Skadden’s Cybersecurity and Data Privacy Practice and professionals.

Key Contacts

Cybersecurity and Data Privacy Co-Heads