2023 Data Security Incident Response Report – Security Measures & Approach by BakerHostetler



We are now three years post pandemic, and while a lot has changed, some things remain the
same. Last year, I talked about resilience—the uncertainties of the pandemic were still present,
the war in Ukraine had just begun, and businesses were addressing new issues caused by
technology evolution and work-pattern changes. Resilience in 2022 meant continued effective
implementation of security measures, evolving privacy compliance programs beyond just
addressing the biggest compliance risk areas, and responding to continued efforts by litigators
to exploit different privacy and privacy-adjacent statutes for financial gain.

The “incident response boom” in 2020 to 2021 saw new vendor entrants to the market. Some
of those vendors were suddenly desperate for work in light of the rapid decrease in network
intrusions and ransomware incidents. That lull was short-lived. The attacks picked up at the
end of 2022 and have continued into 2023.

Over the past 20 years, our attorneys have spent a lot of time on-site with our clients helping
them manage security incidents. That experience gave us a window into how our clients
interacted with the life cycle of data and technology. We learned our clients’ business, industry,
and what mattered from a practical perspective. In 2020, we did something no other law firm
has done—we elevated data issues to the practice group level (similar to tax, IP, litigation, labor
and employment, and business). The group is called Digital Assets and Data Management
(DADM). In the three short years we have been in existence as a firm practice group (rather
than a practice team), we are approaching the size of our firm’s IP group, have more than 100
dedicated attorneys and technologists, and have several clients using the services of all seven
practice teams. The American Lawyer, Chambers, Legal 500, and BTI continue to recognize
our accomplishments.

Data issues are cross-practice issues. For example, clients are talking to us about leveraging
an existing security tool for privacy management and governance, risk, and compliance
(GRC). That type of engagement involves our incident response attorneys, our in-house legal
technology team (IncuBaker), and our privacy compliance attorneys. Our adtech, privacy
transaction, and privacy attorneys join to help clients manage the sprint to launch new
products and services and to build compliance programs for multi-state and global privacy
laws. Our litigators responded to the surge of new lawsuits based on security incidents and
allegations of violations of privacy laws. Our regulatory, healthcare, advertising, and security
attorneys (combined with corporate compliance attorneys) worked to address the federal
regulatory focus on cybersecurity, dark patterns, crypto, and post-Dobbs issues. You will see
insights and guidance based on this work in this year’s DSIR report.

I remain proud of the efforts of our firm and the DADM group leading the way on DEI efforts.
BakerHostetler achieved Mansfield 5.0 certification this past fall. The leader of our IncuBaker
team was named the CIO of our firm, and her team continues to receive accolades for
their use of technology in serving clients. We remain the most diverse practice group at


Download & read the complete report below 👇👇👇

