According to a recent Ponemon Institute/IBM report, the average period of time to identify and contain a data breach is 280 days. Many times, a breach will be detected either from an outside source, or as a result of a more manifest attack. Thus, cyber experts anticipate that, as a result of the COVID-19 pandemic and resulting vulnerabilities arising from organizations’ need to rollout a remote work environment overnight, many organizations’ systems already have been compromised and that those incidents will surface during the fourth quarter of 2020. Given recent decisions in the federal courts, organizations and their cyber counsel need to reconsider how to respond to cybersecurity incidents in order to strengthen the ability to protect data breach forensic reports from discovery in subsequent litigation.

An overarching question many organizations and their attorneys now are asking is whether companies that have sustained a data breach should conduct two separate and independent investigations in order to strengthen privilege claims over investigations managed by outside counsel? In some instances, the answer may be yes.