Hardening Soft Targets

Responsible management of cyber risks requires a complex strategy commensurate with the magnitude of the evolving threat. This includes traditional risk management techniques, sound corporate governance, adequate insurance, proper contractual language, robust control structures, regular auditing, and compliance management. This is in addition to the need for companies to understand and implement fundamental technical security measures to protect their data.  Blank Rome’s multidisciplinary team of cyber-savvy attorneys assists our clients in protecting their property and reputations from these unprecedented challenges.

Corporate Governance and Compliance

Blank Rome ensures its clients are fully aware of their fiduciary and compliance obligations so they can responsibly manage their information security risks. We help our clients with:

  • understanding their fiduciary obligations and adopt sound corporate governance polices
  • establishing appropriate board committees and develop reporting policies for their Chief Information Officer (“CIO”), Chief Information Security Officer/Chief Security Officer (“CISO/CSO”), and Chief Protection Officer (“CPO”)
  • identifying where critical information resides, and develop and implement compliance programs for critical information and systems
  • performing comprehensive risk assessments along with internal or external security experts
  • navigate the web of state, federal, and international data protection laws and cybersecurity requirements


Blank Rome assists with the development of comprehensive programs to identify gaps and implement measures that effectively and appropriately manage security risks, all under attorney-client privilege, including:

  • recommending both strategic and tactical risk remediation measures to close gaps
  • advising on the assembly of an internal Incident Response Team, as well as identifying external experts and resources, such as forensics firms, public relations firms, call center vendors, and credit monitoring providers
  • preparing and implementing information security incident response plans
  • drafting and negotiating vendor contracts and advising on vendor audits to address data privacy and security
  • reviewing insurance policies for adequate cybersecurity coverage

Responding to a Security Incident

Blank Rome can quickly assist clients with managing security incidents or data breaches while offering the confidentiality inherent only in an attorney-client privilege. Our cybersecurity team assists our clients with:

  • conducting internal investigations with forensic experts
  • preparing individual and customer notifications, as well as notices to regulators
  • managing communications internally and externally
  • responding to government investigations regarding security incidents
  • drafting and filing U.S. SEC disclosures
  • managing the impact of cybersecurity-related liability or loss
  • defending the organization, including officers and directors, against civil complaints