Stephen Lilley

Stephen Lilley is a partner in the Washington DC office of Mayer Brown. A member of the firm’s Cybersecurity & Data Privacy, National Security, and Litigation practices, Stephen develops strategies to navigate cutting-edge and interrelated litigation, regulatory, and policy challenges rooted in data and technology. He has been named a “Leading Lawyer” for Cyber Law by the Legal 500.

Stephen has significant experience working with clients to identify, evaluate, and manage cybersecurity and data privacy risks; responding to cyber incidents and vulnerability disclosures; and defending businesses in related litigation. Stephen is regularly called upon to advise senior executives and board members on their most challenging cybersecurity risks, to help companies develop governance programs to mitigate those risks, and to lead training exercises to implement and refine those programs. Stephen has particular experience advising on cybersecurity and national security issues relating to the Internet of Things, including vehicles and medical devices, and to critical infrastructure, from financial institutions to operators of industrial systems. Widely recognized for his cybersecurity law and policy experience, Stephen previously served as Chief Counsel to the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism, where he focused on cybersecurity issues.

Stephen’s representative cybersecurity and data privacy experience includes:

• Counseling businesses across sectors on responding to ransomware and other cybersecurity incidents.
• Providing strategic counsel to companies in a wide range of industries as they assess their cybersecurity posture and engage with their boards of directors.
• Advising global businesses on meeting evolving cybersecurity requirements, including with respect to incident reporting, security program governance, and software development.
• Advising manufacturing, energy, chemicals, and other critical infrastructure businesses on legal questions relating to the security of operational technology and other industrial systems.
• Counseling businesses on the development of coordinated disclosure and threat intelligence programs and the management of vulnerability disclosures.
• Drafting comment letters in response to cybersecurity rulemakings and advising companies on legislative developments.
• Representing petitioner in Spokeo, Inc. v. Robins before the US Supreme Court.
• Representing a range of national businesses in litigation arising from data breaches.

Stephen also has extensive experience advising clients on managing complex legal issues at the intersection of national security, cybersecurity, and technological innovation. This includes:

• Advising technology companies on the development of governance programs for Artificial Intelligence (AI) and the security risks associated with the implementation of AI.
• Advising global technology and manufacturing companies on compliance with agreements with U.S. national security agencies, including with respect to software development and source code management.
• Advising global technology companies on the response to US government demands for customer information.

Before joining Mayer Brown, Stephen worked for the US Senate Judiciary Committee as Chief Counsel to the Subcommittee on Crime and Terrorism, where he had a particular focus on cybersecurity. He clerked for Judge Thomas Ambro on the US Court of Appeals for the Third Circuit and Judge Jeremy Fogel on the US District Court for the Northern District of California. A summa cum laude graduate of Princeton University, Stephen received his law degree from Yale Law School, where he served as a Senior Editor of the Yale Law Journal.