Stephen Lilley is a partner in the Washington DC office of Mayer Brown. He focuses his practice on helping clients navigate cutting-edge and interrelated litigation, regulatory, and policy challenges. A member of the firm’s Litigation and Cybersecurity & Data Privacy practices, Stephen develops strategies to manage legal risks and to shape regulatory policy across a broad range of substantive areas. He has been named a “Leading Lawyer” for Cyber Law by the Legal 500.

Stephen has significant experience working with clients to identify, evaluate, and manage cybersecurity and data privacy risks; responding to cyber incidents and vulnerability disclosures; and defending businesses in related litigation. Stephen is regularly called upon to advise senior executives and board members on their most challenging cybersecurity risks, to help companies develop governance programs to mitigate those risks, and to lead training exercises to implement and refine those programs. Stephen has particular experience advising on cybersecurity and national security issues relating to the Internet of Things, including vehicles and medical devices, and to manufacturing, critical infrastructure, and other industrial systems. Widely recognized for his cybersecurity law and policy experience, Stephen previously served as Chief Counsel to the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism, where he focused on cybersecurity issues.

Stephen’s representative cybersecurity and data privacy experience includes:

  • Counseling businesses across sectors on responding to ransomware and other cybersecurity incidents.
  • Advising financial institutions on cybersecurity regulatory compliance, including with respect to new regulatory requirements or amended guidance.
  • Advising manufacturing, energy, chemicals, and other critical infrastructure businesses on legal questions relating to the security of operational technology and other industrial systems.
  • Counseling businesses on the development of coordinated disclosure programs and the management of vulnerability disclosures.
  • Providing strategic counsel to companies in a wide range of industries as they assess their cybersecurity posture and engage with their boards of directors.
  • Drafting comment letters in response to cybersecurity rulemakings and advising companies on legislative developments.
  • Representing petitioner in Spokeo, Inc. v. Robins before the US Supreme Court.
  • Representing a national retailer in litigation arising from the breach of its point-of-sale system.

Stephen also has extensive experience counseling companies on financial services policy matters. These include advising a leading trade association on its response to numerous regulatory proposals by a range of financial regulators; filing amicus briefs in matters of critical importance to financial institutions; and counseling companies on compliance with consumer financial services laws.

Before joining Mayer Brown, Stephen worked for the US Senate Judiciary Committee as Chief Counsel to the Subcommittee on Crime and Terrorism, where he had a particular focus on cybersecurity. He clerked for Judge Thomas Ambro on the US Court of Appeals for the Third Circuit and Judge Jeremy Fogel on the US District Court for the Northern District of California. A summa cum laude graduate of Princeton University, Stephen received his law degree from Yale Law School, where he served as a Senior Editor of the Yale Law Journal.

Spoken Languages

  • English
Staying Ahead of the Curve: Cybersecurity and Data Privacy–Hot Topics for Global Businesses


Yale Law School, JD
Senior Editor, Yale Law Journal; Joseph Parker Prize (legal history); Barry Cohen prize (law and literature)

Princeton University, AB, summa cum laude
Phi Beta Kappa


  • District of Columbia
  • California


  • US Supreme Court
  • US Court of Appeals for the Third Circuit
  • US Court of Appeals for the Ninth Circuit