Hardening Soft Targets

Whether it’s complying with the myriad of emerging government regulations, preparing for and responding to cyber attacks, satisfying auditors, or meeting the data security requirements of your business partners, Blank Rome has the experience necessary to successfully advise our clients all facets of cybersecurity. 

Corporate Governance and Compliance

“Forewarned, forearmed; to be prepared is half the victory.” — Miguel de Cervantes Saavedra

Blank Rome ensures its clients are fully aware of their fiduciary and compliance obligations so they can responsibly manage their information security risks.  We help our clients to:

  • Understand what data they possess, and the obligations that apply.
  • Understand their fiduciary obligations and adopt sound corporate governance polices.
  • Establish appropriate board committees and develop reporting policies for their CIO, CISO/CSO, and CPO.
  • Develop and implement compliance programs for critical information and systems.
  • Assess the state of existing structures, and identify gaps between the current and desired states.
  • Navigate the web of state, federal, and international data protection laws, including: 
    • SEC guidelines on cybersecurity
    • NIST standards for critical infrastructure
    • State law security requirements
    • EU Data Protection Directive
    • Gramm-Leach Bliley Act
    • FTC Act and its state law equivalents


“Despair is most often the offspring of ill-preparedness.” — Don Williams, Jr. 

Blank Rome helps its clients avoid cybersecurity pitfalls by assisting with the development of comprehensive programs to identify gaps and implement measures that effectively and appropriately manage security risks, all under attorney-client privilege, including:

  • Performing comprehensive privacy and data management assessments.
  • Recommending both strategic and tactical risk remediation measures to close gaps.
  • Preparing and implementing information security incident response plans.
  • Drafting and negotiating vendor contracts and advising on vendor audits to address data privacy and security.
  • Reviewing insurance policies for adequate cybersecurity coverage.
  • Implementing “red flag” processes to detect security incidents that may lead to data breaches.

 Responding to a Security Incident

“It is not the situation, but your reaction to the situation that counts.” — Robert Conklin 

Blank Rome can quickly assist clients with managing security incidents or data breaches while offering the confidentiality inherent only in an attorney-client privilege.  Our cybersecurity team assists our clients with:

  • Conducting internal investigations with forensic experts.
  • Government investigations regarding possible security breaches.
  • Managing the impact of cybersecurity-related liability or loss.
  • Defending their internal officers and directors against civil complaints.
  • Preparing individual and customer notifications.