Cybersecurity

Cyber Risk Services: Hogan Lovells’ Technical and Risk Management Consulting Services

To provide our clients with comprehensive, timely advice and solutions to your organization’s unique cybersecurity challenges, our dedicated group of technical and risk professionals works side-by-side with our market-leading lawyers. Clients receive tightly integrated and complementary legal and management counsel, creating a seamless experience that is provided under attorney-client privilege.

The technical knowledge and training of our consultants and lawyers allows us to work directly with a client’s IT security team, as well as in-house counsel, with no lost time for “translation” of specialized terminology or concepts. And our experience within, and working with, law enforcement and other government agencies, enables us to counsel and support internal investigations and external interactions with practical, informed advice.

Our technical professionals, consultants, and lawyers work with you end-to-end on planning, preparation, and response issues. In particular, our consultants partner closely with our lawyers on:

• Program development. We evaluate cyber threats; analyze preparedness; review policies, procedures and technical capabilities against best practices; develop policies and procedures for oversight and management of risk; and evaluate vendor cybersecurity practices.

• Incident and crisis response. We develop plans and procedures for investigating and responding to cybersecurity incidents, testing response capabilities, managing the response, providing technical and procedural recommendations, and supporting incident response and investigations.

• Regulatory compliance (HIPAA, ITAR, PCI, NNPI, etc.). We develop policies, procedures, and technical cybersecurity requirements needed to comply with regulations; review existing policies, procedures, and capabilities; and recommend mitigations necessary to comply with regulations.

• Training and Awareness. We evaluate threats from employees and contractors; analyze the capability to protect against inside threats; evaluate internal cultural awareness; and recommend, develop, and deliver cybersecurity awareness and best practices training.

Taking on your cyber challenges

You’ll want to know that the consultants and lawyers you work with have the technical and legal experience to see you through every phase. A few examples of how our integrated team has helped both big and small companies over the years include:

• Technical oversight of third-party forensics report preparation: After a major payment card breach at a leading U.S retailer, our technical consultants reviewed and advised on the scope and conduct of a third-party technical investigation, conducted a technical review of multiple drafts of the forensics report, worked with forensics experts, and helped shape the report’s favorable findings and practical recommendations.

• Summarize complex technical facts in support of legal defense: When a market-leading company suffered a data breach involving more than 50 million records containing sensitive personal information, our lawyers and consultants created a summary of the key legal arguments and a plain-language description of the technical and business facts that supported them, which was then used by the client to prepare its defense and settlement strategy.

• Risk management assessment: We assessed the cybersecurity risk management approach of a major cable and internet services provider. After interviewing the chief information security officer, CIO, COO, and other key stakeholders, we recommended the client adopt a governance framework and approach more aligned with industry standards and legal frameworks.

• Confirm the absence of cyber attackers: Our lawyers helped a leading health insurance company retain a respected forensics firm to conduct a technical scan of the client’s systems. Our cybersecurity consultants participated in the scoping and review meetings and reviewed the resulting report, providing the client with the reassurance that the work performed would help demonstrate, as much as reasonably possible, that all steps had been taken to protect the client’s data and systems.