Cybersecurity attorneys are experts in incident response, and, as Thompson says, "Counsel and public relations should run the incident. IT provides them with the information to make decisions, but in reality, 99 percent of incident response and forensics is run through IT, not counsel." The risk in IT running the incident response is that they are not versed in the policies and procedures of custodianship of data.
If their budgets present limitations, in-house attorneys who are informed on cybersecurity laws can play similar roles in response planning. According to Sheehan, "If there is no in-house counsel, they should examine their budget to prioritize having outside counsel, which will save money in the big picture by decreasing the impact of breach and litigation expenses."
Sign up for Computerworld eNewsletters.