The shield of attorney-client privilege that protects breach forensics reports from becoming a liability during litigation isn't absolute. As a result, companies and their firms may have to take a much more strategic approach to how these reports are structured.
One of the common first steps that any business takes in the aftermath of a cyber incident is to commission a data breach incident report from an outside provider. The findings contained within those write-ups can often provide companies with a road map for correcting the offending weaknesses in their system. But a recent order from a judge in the U.S. District Court for the District of Columbia reinforces the notion that forensic reports can become a legal liability as well.