When data breaches hit, some companies are turning to law firms for help.

Typically when facing down a hacker, a company would retain a forensic investigator, the Wall Street Journal reports. But companies who go with law firms instead get the advantage of secrecy in the form of attorney-client privilege.

For a company that suffers a data breach, the breach itself is only the beginning of its problems. Litigation often follows on the heels of a breach, as well as drawing the attention of regulatory authorities. For example, Nationwide Mutual Insurance Co. in October suffered a breach in which a hacker stole the personal data of about 1 million people, which resulted in a Federal Bureau of Investigation probe and other regulatory investigations as well as lawsuits seeking class-action status.

When a company is under the microscope like that, a little secrecy can be a welcome thing. For example, if a law firm, rather than the company itself, contacts a forensic investigator, privilege can keep the company’s own investigation from being used against it in litigation.

Nationwide retained Ropes & Gray to help it with its situation, but other law firms, including Alston & Bird and Steptoe & Johnson, are getting into the cybersecurity game as well.


For more InsideCounsel coverage of cybersecurity, see below:

Reuters journalist charged in Anonymous hacking conspiracy

EU regulators warn of mobile app privacy concerns

Technology: 4 practical tips for improving critical infrastructure cybersecurity

Obama signs executive order on cybersecurity