Thorough preparation is the best defense to a cyberattack or other data security incident.
An incident response plan is a critical component of an effective information security program. Taking into consideration each organization’s unique mission, size, structure, and functions, we help clients to develop a formal, focused, and coordinated approach to responding to an incident. Our response plans provide a roadmap for responding to security incidents in a timely and effective manner, while also protecting customers, clients, and the brand.
Companies must periodically test their incident response plans and critical staff through a functional simulated exercise known as a tabletop exercise. Our tabletop exercise workshop identifies and addresses any deficiencies in a company’s response capabilities. We offer practical, client-specific advice and skilled counsel to help companies anticipate and prepare for potential issues. Our team walks clients through simulated scenarios that challenge incident response capabilities in a variety of expected and unexpected ways. The workshop also enables our clients to:
- Build incident response instincts, define roles, and create channels for information and decision-making.
- Test the limits of the incident response plan to prepare for the unexpected.
- Facilitate discussions related to improving existing incident response procedures and information security programs.
- Better understand the incident response process with a trusted breach advisor, who will lead you through an actual incident.
In the event of a suspected security incident, our response team can be reached at incident.response@troutman.com.
Businesses must immediately address an actual or suspected incident involving unauthorized access to confidential information in order to comply with applicable laws and regulations, and engaging experienced counsel at the onset is essential in order to maintain the attorney-client privilege.
Since 2005, hundreds of companies have chosen our team to guide them through incidents of unauthorized access to data and digital assets, phishing attacks, and ransomware. Our national breach response team provides comprehensive advice 24/7/365 in areas such as internal investigations, root-cause analyses, breach identification and response, individual and regulatory notice, regulatory investigations, and litigation.
Incidents are typically followed by regulatory inquiry or litigation. Our national team offers a unique combination of subject matter depth, first-chair litigation experience, and decades of work handling bet-the-company government investigations, enforcement actions, and regulatory inquiries in every state. We have defended clients in hundreds of claims, including in MDLs, in courts throughout the U.S. involving federal and state privacy laws that address the collection, security, use, and dissemination of consumer data. Drawing from experience as former regulators in attorneys general offices, we also regularly handle state attorney general investigations and matters before state administrative bodies and federal agencies. Our work before the Federal Trade Commission, the Consumer Financial Protection Bureau, the U.S. Department of Health and Human Services Office for Civil Rights, insurance commissioners, and state attorneys general spans several decades.
Our team is frequently invited to speak at client and industry programs and cyber risk conferences. We are included on various insurer panels for breach response and related litigation defense and are recommended by insurers for incident response and pre-incident preparedness. We coordinate with our insurance attorneys for insurance-related issues, and our Incidents + Investigations team partners seamlessly with our trial practice for defense matters.