Insurance alone can’t cover cyberincidents. But this truth is lost in many corporate risk management efforts, where online-threat vulnerability often represents a blind spot, and incident preparation is nothing more than a goal on a chalkboard.
Understanding and preparing for this risk is the focus of “Practical Approach to Addressing Incidents,” a Feb. 1 session at Legaltech New York, part of Legalweek: The Experience. The panel will delve into how to create and manage a companywide security incident response plan.
Event panelist Dan Rizzolo, managing director at OmniVere, noted that the session, which will be moderated by OmniVere CTO George Kiersted, would provide a wake-up call for many organizations that are susceptible to an attack “but do not have a plan in place” should a breach or cyberattack occur.
One of the biggest reasons organizations fail to implement an incident response plan, Rizzolo said, is denial about the possibility of a security incident.
“The companies that have been hit hard with a breach will have something in place, but other companies feel like they are just not going to be targeted,” he explained. “They think, ‘We don’t have anything that could be breached or would be valuable or we’re not on [a hacker's] radar.’ And that couldn’t be farther from the truth.”
Rizzolo explained that though cybercriminals often execute targeted attacks against a specific company or data set, “in other cases they are casting a wide net,” assessing random organizations and their networks to look around for unknown valuable data or access points they can exploit.
While the risk is real, planning for a breach or cyberincident is no easy task. Given all the moving parts of such a plan and the various responsibilities involving legal, the session will offer advice from a wide array of backgrounds. Those panelists are Bruce Radke, partner at Vedder Price; Amie Taal, vice president of Group Incident & Investigation Management (IMG) at Deutsche Bank AG; Behnam Dayanim, partner in the litigation department at Paul Hastings; and Avi Weisman of cybersecurity company Cycura Inc.
Among the most valuable lessons the session hopes to instill in its attendees is that “legal is going to have to take the lead role in going through a response,” Rizzolo said. “It’s really the legal department that’s going to have to marshal the troops.”
Though coordinating and leading an incident response plan may seem foreign to many in-house counsel, Rizzolo was confident that it would only be a matter of time until it was a commonplace responsibility.
“Many of the lawyers out there who are in the legal departments are a little bit intimidated by the thought of a breach or incident response, and this was like how e-discovery was 10 years ago,” Rizzolo said. “Today e-discovery is a given in any kind of business and litigation, and it’s very rare that you have a [legal department] that doesn’t have some exposure to e-discovery.”
Rizzolo added that in-house counsel is the best choice to lead incident responses because they understand the “great legal risk that’s out there when there’s a breach,” stemming from the patchwork of state and federal breach reporting requirements, and because “legal departments are part of the business that touches all the other parts of the business.”
Corporate attorneys, therefore, can more easily work with other departments to secure corporate data that’s “valuable and can pose risks to the company,” as well as work with “outside providers that they’re going to need to bring in [ahead of time] in case of a breach in preparing for a breach,” he explained.
These outside providers include law firms and consultants with cybersecurity and breach response experience, as well as public relations firms to manage a company’s or brand’s reputation—a pivotal asset to have early on, Rizzolo said, if a security incident is ever made public.
“You don’t want to be searching around for a public relations firm and trying to get them up to speed on what your company is and what they do in the aftermath of the breach,” he added.
The panel is set to take place at 1:30 p.m. Feb. 1, as part of OmniVere’s educational track. The full list of Legalweek speakers, the agenda and a link to registration can be found on legalweekshow.com.