Cyber Coaching in the Age of Cyber Breaches
It appears as though cyber breaches have become more commonplace, as there is no shortage of such events in the news. Just recently, it was reported that the cellphone carrier T-Mobile suffered a massive data breach, wherein hackers stole data of over 40 million people. Similarly, insurance firms Tokio Marine and Ryan Specialty just revealed they were hit by cyberattacks as well.” Considering the prevalence of data breaches and cyber-attacks on companies worldwide, cyber coaches have become not only sought after but also central figures in the handling of cyber events at large. Most, if not always, “cyber coaches” are lawyers who have specialized knowledge of this area of the law and who can help clients, whether insured by cyber liability coverage or not, to navigate, explain and mitigate the consequences of a cyber breach. In most jurisdictions, when an attorney is retained to perform the role of a “cyber coach”, the attorney’s communications are protected by the attorney-client privilege and possibly the work product privilege. This is the critical reason that attorneys are the best persons to immediately retain upon the occurrence of a cyber incident or cyber breach.
We conducted a Q&A with Normand Duquette of RISCO Insurance Brokerage Inc. who provided insight into the role of cyber coaches and the intersection between cyber coaching and cyber insurance. Here’s what he told us:
Q: What is your specialty in this field?
A: I am Insurance Broker specializing in Management, Professional and Cyber Liability coverages.
Q: What is a cyber coach?
A: This is a term used by certain cyber carriers for the law firm that assists with coordinating services in the event of a suspected or actual cyber incident.
Q: What are the primary duties of a cyber coach?
A: They are responsible for providing consultative and pre-litigation support services to cyber insurance policyholders. They help with response strategy, language for internal/external communications and the engagement of third parties to investigate/respond to the cyber event. Think of them as your “Cyber Concierge”!
Q: What other parties are involved when a cyber breach/incident occurs, and in what way do those parties engage with the cyber coach during the process?
A: Typically, all events will need some sort of forensic investigation to determine what actually occurred. Outside of that, the additional services are really depending on the event. Is a call center needed for affected individuals? Do you need a Public Relations Firm to assist with communication? Are government agencies inquiring on the event and do you need to respond to potential fines and penalties? Is a third party needed to help facilitate a ransom payment? Each of these items all require different specialties which the Cyber Coach can help coordinate.
We hope this brief blog provides some information in this evolving and fluid area of the law. If you have questions about cyber liability, cyber coaching or need assistance in this area to protect your company, in the states of New Jersey or Pennsylvania, one of our attorneys specializing in this field can speak with you today about our services. Contact Thomas Paschos & Associates, P.C. for more information.