Responsible management of cyber risks requires complex strategy strategies that can keep up with the magnitude of the evolving threats. This requires sound corporate governance, adequate insurance, proper contractual language, robust control structures, regular auditing, and compliance management. Most of all, it requires legal counsel who can advise on all of these elements, craft a comprehensive program, and help you respond quickly and effectively to issues when they arise.

Blank Rome understands the evolving challenges, both business and legal, that arise from cybersecurity threats. Our team assists clients in protecting their property and reputations from these unprecedented challenges. We help them implement fundamental technical security measures to protect their data and in the event of a breach, guide them through the process of informing government authorities of the attack.

How We Can Help

Corporate Governance and Compliance

Blank Rome ensures its clients are fully aware of their fiduciary and compliance obligations so they can responsibly manage their information security risks.

  • Understand their fiduciary obligations and adopt sound corporate governance polices
  • Establish appropriate board committees and develop reporting policies for their Chief Information Officer (“CIO”), Chief Information Security Officer/Chief Security Officer (“CISO/CSO”), and Chief Protection Officer (“CPO”)
  • Identify where critical information resides, and develop and implement compliance programs for critical information and systems
  • Perform comprehensive risk assessments along with internal or external security experts
  • Navigate state, federal, and international data protection laws and cybersecurity requirements


Blank Rome assists with the development of comprehensive programs to identify gaps and implement measures that effectively and appropriately manage security risks, all protected under attorney-client privilege.

  • Recommend both strategic and tactical risk remediation measures to close gaps
  • Advise on the assembly of an internal Incident Response Team, and identify external experts and resources, such as forensics and public relations firms, call centers, and credit monitoring providers
  • Prepare and implement information security incident response plans
  • Draft and negotiate vendor contracts and advise on audits to address data privacy and security
  • Review insurance policies for adequate cybersecurity coverage

Responding to a Security Incident

We help clients manage security incidents or data breaches while offering the confidentiality inherent with attorney-client privilege.

  • Conduct internal investigations with forensic experts
  • Prepare individual and customer notifications, as well as notices to regulators
  • Manage communications internally and externally
  • Respond to government investigations regarding security incidents
  • Draft and file U.S. SEC disclosures
  • Manage the impact of cybersecurity-related liability or loss
  • Defend the organization, including officers and directors, against civil complaints


News & Views

See all News and Views