Jenner & Block


Our Work

Representative Cybersecurity Experience

  • Advised dozens of clients (in regulated and unregulated industries) on the development of internal cybersecurity incident response plans, including conducting tabletop exercises with the client to prepare for a cyber incident.
  • Assisted a large financial services industry company through a complex data breach that involved multiple clients’ data and affected individuals in all 50 states.  Handled all aspects of the breach and mitigation procedures, including liaising with multiple state officials and conducting  a thorough review of the client’s data breach and escalation policy.
  • Advised and trained multiple government contractors on cybersecurity liability under Department of Defense cybersecurity regulations, including assisting in incident response. 
  • Advised on appropriate cybersecurity defensive and offensive measures for multiple major defense contractors. 
  • Investigated multiple third party breaches of major defense contractor’s subcontractors, seamlessly integrating with IT, security and forensic experts to evaluate data leaked to darknet and assess damage.
  • Internal investigation into whistle blower allegations related to the cybersecurity fitness and posture of an energy management company. 
  • Counseled a major trade association on cybersecurity vulnerabilities in health care and public health, including development of an association-wide educational campaign on cybersecurity and development of standards following the 2013 Executive Order on Cybersecurity. 
  • Counseled a global enterprise services company on privacy policies and responses to multiple breaches that varied in severity and size and affected employees and customers.  We advised on all aspects of breach preparation and response, including conducting tabletop exercises, reviewing existing contracts for appropriate privacy and security language, drafting breach notification letters to affected individuals, drafting internal and external communications about the incidents, and notifying state attorneys general on the company’s behalf.
  • Assisted a major media and entertainment company in developing and establishing a Data Governance Council that handles encompass holistic data governance decisions including use of customer data, mobile application data and advertising data. 
  • Advised two electric utility holding companies on a wide range of privacy and cybersecurity issues, including reviewing and revising their data breach notification plans, assisting in analyzing potential data breaches, developing a strategy to implement a comprehensive privacy program, and reviewing potentially applicable privacy and cybersecurity regulations. 
  • Counseled an electric utility on Department of Energy, NERC and state cybersecurity obligations. 
  • Counseled an electric utility on international data transfer issues related to cybersecurity subcontractor.
  • Internal investigation into whistle blower allegations related to the cybersecurity fitness and posture of an energy management company. 
  • Counseled major energy manufacturer on compliance with Department of Defense and Department of Energy cybersecurity obligations.
  • Assisted multiple clients in finalizing Cooperative Research and Development Agreements (CRADAs) with the U.S. Department of Homeland Security, Office of Cybersecurity and Communications. 
  • Advised private and public Boards of Directors on proactive risk management
  • Advised private and public Boards of Directors on cyber incident response
  • Advised clients on how to obtain effective cyber insurance, review and prioritize options.
  • Reviewed existing insurance policies to determine their adequacy to respond to data breach claims, or securities class actions and derivative claims following a significant data breach or cyber intrusion;
  • Worked with clients and their insurance brokers in analyzing the propriety of new cyber insurance products and assure that clients are placing adequate coverage and obtaining the coverage that best fits their business operations; and
  • Analyzed first-party losses and third-party claims to help determine which policies to pursue for coverage following a cyber intrusion, and coordinated responses to insurance company investigations and requests for information as part of adjusting a claim for coverage.