Thank you for sharing!

Your article was successfully shared with the contacts you provided.

Companies that discover a potentially significant cyber incident usually turn to their trusted outside law firm and a cybersecurity firm for assistance. But many companies decide not to reach out to the FBI, which can be a mistake in certain circumstances. Considering the practical assistance that the FBI can provide to targets of a cyber attack, and its recent statements expressing a commitment to support corporate victims of data breaches, companies and their outside advisors should give serious thought to reaching out to the FBI as part of their incident responses.

Reasons for Reluctancy

One reason that companies are reluctant to contact the FBI in the early stages of a cyber event is that they often know very little. In the first few days, details like how the attack was executed, what vulnerability was exploited, and which parts of the network were exposed, are illusive—or, as FBI Director Christopher Wray described it during Q&A at the 2018 Boston Conference on Cyber Security, they don’t have the incident “wrapped up in a nice, neat bundle with a bow on top.” Alison Noon, FBI Director Vows To Treat Hacked Companies as ‘Victims, Law360 (Mar. 7, 2018) (“Boston Q&A”). This hesitancy is understandable considering companies’ experiences working with government agencies in other contexts, where it is expected that companies will have answers to the government’s questions and will demonstrate an understanding of the relevant facts. But those rules generally don’t apply in a cyber attack, and recent statements by the FBI underscore that the earlier the Bureau is notified, the more efficiently and effectively it can provide companies with assistance.

A second concern is that providing the FBI with information about a breach will somehow expose the company to criminal or regulatory liability by disclosing to the government that the company has a significant cybersecurity compliance shortcoming, like unpatched software. But the FBI has repeatedly emphasized that its priority is investigating the perpetrator of the breach, and that for the victim company, the FBI’s focus is remediation. As Director Wray has stated, the Bureau does not “view it as our responsibility, when a company is sharing information with us, to then turn around and share that information with some of those other agencies….  We obviously have to comply with the lawful process if we encounter it, but I think we don’t view it as our role to kind of rush out and share that information with those folks.” Id.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.

Legal Innovation Awards 2021Event

Celebrate outstanding achievement in law firms, chambers, in-house legal departments and alternative business structures.

Get More Information

Legalweek Leaders in Tech Awards 2021Event

Recognizing innovation in the legal technology sector for working on precedent-setting, game-changing projects and initiatives.

Get More Information

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.