Mayer Brown announced today that the firm launched a new guide, “Preparing For and Responding To a Computer Security Incident: Making the First 72 Hours Count,” which offers insights on how to prepare for a computer security incident and how to implement a timely, effective response. The guide’s launch coincides with the beginning of National Cybersecurity Awareness Month (NCSAM) 2015. Mayer Brown is an official Champion of NCSAM.

The guide is authored by Mayer Brown partner Marcus A. Christian and senior associate Stephen Lilley, lawyers in the firm’s global Cybersecurity & Data Privacy practice based in Washington DC. Mr. Christian represents clients in matters involving data security planning, board governance of cybersecurity, cyber fraud, data breach response, and congressional investigations, among others. He previously served as the Executive Assistant United States Attorney at the US Attorney’s Office for the Southern District of Florida, where he conducted and supervised numerous investigations involving breached personally identifiable information, communications data analysis, electronic surveillance, and intercepted communications. Mr. Lilley advises companies as they respond to cyber threats and represents them in related litigation. Previously, he worked for the Senate Judiciary Committee as Chief Counsel to the Subcommittee on Crime and Terrorism, and as Chief Counsel to the Subcommittee on Administrative Oversight and the Courts.

The 60-page guide serves as a valuable resource for in-house counsel, executives and other stakeholders as they undertake the important work of assessing and strengthening their companies’ incident response capabilities. The guide is designed to:

  • Guide companies as they develop written computer security incident response plans and implement them in response to an incident;
  • Provide an overview of applicable regulatory requirements; and
  • Help board members, senior management, in-house counsel and other stakeholders anticipate and minimize financial, reputational and legal harm.

“Stakes have never been higher for businesses involved in information security incidents,” said Rajesh De, leader of Mayer Brown’s global Cybersecurity & Data Privacy practice and recent former General Counsel of the National Security Agency. “While preventative measures are essential, unfortunately even the most robust networks can fail. Every company, no matter the size or industry, must be ready to respond swiftly and effectively with a risk-based cybersecurity program in place to mitigate operational damage, reputational harm, and legal liability.”

Mr. Christian added, “There has been an endless series of high-level attacks, and businesses are coming to the realization that they not only need to prevent attacks, but also to respond effectively to them. Assessing and enhancing a company’s information security incident response capability is an urgent matter, and preparing for an incident is a dynamic and ongoing task that companies need to tailor to their own circumstances. Effectiveness is all about preparedness.”

Earlier this year, Mayer Brown launched the survey: “Perspectives on Cybersecurity and Its Legal Implications,” which gauges industry concerns and measures corporate responses to significant privacy and security threats.

Mayer Brown’s global Cybersecurity & Data Privacy practice is composed of experienced lawyers from a range of disciplines, including regulatory, government and global trade, intellectual property, litigation, financial services regulation and enforcement, employment and business & technology sourcing. Lawyers in the practice work with financial institutions, insurance, health care, technology, retail, manufacturing, and other clients to help them contend with the full range of domestic, international and cross-border data privacy and security obligations, including privacy and data security programs, breach response plans, notification policies, strategies for minimizing adverse consequences that may arise from litigation or governmental actions following a breach incident, privacy regulatory compliance, global data transfers in transactions and management of third parties with access to data.

For more information, or to request a copy of the guide, please visit: