Though the expertise of a cybersecurity attorney is a great benefit to some organizations, companies must consider their individual needs. A key consideration is in risk assessment. "If a smaller organization has limited sensitive data, it may not need a cybersecurity attorney on retainer, but larger name organizations with [service-level agreement] attached to it are definitely seeing more and more lawyers," said Vogel.
"The bottom line," said Cordero, "is that when companies are dealing with data, they should have available to them someone with the legal expertise they need. Security professionals are experts at coordinating response, but appropriate handling of information in accordance with the law demands an outside attorney."
Being informed and knowing when to call upon the expertise of an outside attorney is a critical step in security. "Knowing industry technology standards is quite different from being able to interpret the law," Cordero said. Having a cybersecurity attorney on retainer means, "not exposing your organization to additional risk that could result in collateral damage," Cordero said.
Sign up for Computerworld eNewsletters.