- What needs to be pre-documented for the breach attorney to be effective? And in what format?
- What to do to protect yourself from outrageous fees?
- What to do in order to get proper service from a breach attorney?
- What are the advantages of having a pre-established relationship with a breach attorney?
- What positive outcomes arise from having pre-breach meetings with a breach attorney?
Spencer Pollock – Cybersecurity breach attorney
Felicia King – QPC Security, Security Architect and Information Security Officer
What needs to be pre-documented for the breach attorney to be effective?
Cybersecurity posture of the organization.
Compliance/legal and the technical / security
Security: identify the gaps and procedures
And in what format?
Data is everywhere.
Clients that have an IRP, data map and have a list.
Customers and data breach classification, impact / no impact
What to do to protect yourself from outrageous fees?
The more times you have to engage a breach coach in advance, the better off you are.
The more time you bake people into your team, the less time is spent on the phone when an issue occurs. This means it is less expensive and your organizational response is faster.
This is why it is critical to get the breach attorney written into the policy.
When to get the breach attorney written into the policy?
Business owner needs to be driving the breach attorney selection during the insurance application period.
Insurance policy, Beazley example. You should do a retainer with them.
Retainer: You get the benefit of cell phone, breach line.
Preparation meetings are going to be paid out of pocket. Prebreach stuff is a separate engagement, and it will usually be a lower fee.