TCDI’s David Varacchi, VP of Strategic Accounts, attended this year’s Sedona Conference at the Hyatt Regency Reston, Reston, VA on April 13-14, 2023. The conference focused on Data Privacy & Cybersecurity Litigation. Attendees included leaders and highly experienced practitioners from law firms, corporations, insurance companies, security and incident response firms, regulatory and judicial government offices, and eDiscovery service providers.
The event covered a wide variety of topics, including preparing for and responding to a breach event, defining “reasonable security,” cyber insurance, insurance company involvement during breach response, privilege issues, cross-border privacy considerations, and emerging issues such as biometric data.
Important Takeaways & Conference Highlights
- Breach issues continue to grow and impact every organization directly or indirectly. A statistic was shared that two of three breached companies are breached again within 12 months.
- Many companies have a thorough IR plan in place but often do not know how to execute it. One of the panelists compared this problem to a football team having a well-developed playbook that was ineffective because the players had not practiced the plays.
- It is recommended that companies prepare for breach events by meeting and contracting with their breach coach and other IR service providers before an incident occurs. This will save critical time typically lost on deciding who to work with, negotiating contracting terms and rates, explaining their data environment to forensic examiners, investigating where their important data is stored, and determining what PII or other sensitive data they need to search for that will help them meet their notification obligations.
- Conducting internal tabletop exercises will help inform company leaders whether they are prepared to manage business interruption while the incident is being resolved. For example, if systems are locked with ransomware: will they be able to continue operations and pay employees; will product be lost or expire if it cannot be shipped to customers; to what extent is their inability to deliver goods and services negatively impacting their clients’ business; and are they prepared to issue the right messaging when informing their clients and regulatory agencies?
- Before responding to a threat actor, companies should seek expert guidance to determine the legitimacy of the organization and understand how they tend to operate.
- It was recommended that companies maintain activity logs longer than other aspects of their data retention policy. Often the anomaly marking when the breach occurred appears long before the breach is detected, and if the logs have been destroyed by then, forensics may not be able to obtain this detail.
- Obtaining cyber insurance is becoming more difficult. The application process requires penetration and vulnerability tests and completion of extensive security assessments. The process can be arduous and coverage is getting more expensive. Many companies may need policies from multiple insurance companies to get the full coverage they are seeking.
- Insurance companies may request copies of forensic reports and to have their attorneys join IR-related calls. This raises victim stress levels and may disrupt privilege conversations between counsel and their client.
- Attack methods are expected to advance as threat actors leverage AI/machine learning (e.g., ChatGPT-type tools).
- Companies should create data maps and/or categorical data maps to understand which systems have PII and important info. These maps can also help demonstrate how data flows to and from third parties.
Overall, the conference exceeded expectations. It provided a wealth of knowledge and insight into numerous data privacy and cybersecurity litigation topics that will help us serve clients. I’d recommend that any Cyber practitioner participate in future sessions, as their contributions would be well received by the entire community. Team TCDI is thankful for the opportunity to sponsor the event, and we will continue to support the Sedona Conference!