MayflowerBallroom 700x150

7:00-8:15         Breakfast and Check-in

8:15-8:25         Welcome Remarks

8:30 – 9:20      Data Breach Response: Counsel as Quarterback

Data breach response workflow requires careful navigation because, among other things, the legal and compliance ramifications of any failure can be calamitous or even fatal for any public or private company. Outside counsel or inside counsel is best suited to lead data breach investigations, quarterbacking the workflow for the C-suite and sharing with senior management the ultimate responsibility for key decisions.  

This panel will explore that, just like any other independent and thorough investigation, the work relating to a cyber-attack will involve a team of lawyers with different skill-sets and expertise (e.g., regulatory, ediscovery, data breach response, privacy, white collar defense, litigation, law enforcement liaison). The panel will focus especially on the law enforcement liaison and regulatory response aspects of IR.  

9:25 – 10:10     Managing Retail Data Breaches

This panel will focus on the unique aspects of handling a data breach involving a retail organization, or any other organization that collects credit card information. When a cyber-attack targets electronically transmitted, collected or stored payment card information, so-called Payment Card Industry Data Security Standards (“PCI-DSS”) compliance is often one of the first aspects investigated. PCI-DSS is a set of requirements created to help protect the security of electronic payment card transactions that include PII of cardholders, and operate as an industry standard for security for organizations utilizing credit card information.  

If a cyber-attack against a company involves credit cards or other similar modes of payment and triggers PCI-DSS compliance, the unique investigative and remedial workflow involving the PCI-DSS can be extremely costly, cumbersome and disruptive. This panel will also help clarify the value of personal identifying information (PII); how PII is sold/exploited by criminals; and why protecting PII is so important.  

10:10 – 10:20  Break

10:20 – 11:10   Financial Regulators, Law Enforcement and Data Breaches

This panel will focus on the unique regulatory and legal framework surrounding cyber-attacks of financial firms, with a particular focus on managing issues pertaining to the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority and various law enforcement agencies.

11:10 -11:20     Break

11:20 – 12:15    National Security and Cyber-Attacks

This panel will focus on the international threat of cyber-attacks. For legal and compliance professionals, understanding the international dynamic of cyber-threats is critical to adequately represent the interest of corporate clients – especially in the context of regulatory compliance, insurance claims, and privacy protections.

12:15 – 1:20      Lunch and Afternoon Keynote

1:20 – 2:10        Managing Data Breaches Across Borders

When a data security incident occurs, the ramifications are rarely confined by physical borders. Cyber concerns for Incident Response teams typically cross borders and are global in nature – mandating additional attention, expertise and oversight. For instance, in addition to the federal and state regulations, many U.S. companies maintain subsidiaries, affiliates or employees in the European Union (E.U.). Such companies, whether public or private, must comply with relevant E.U. Member State data protection laws and guidelines where “personal data” (as defined by the pertinent law) is collected, processed or transferred by local operations.

2:10 – 2:20        Break

2:20 – 3:10        After the Breach:  Digital Forensics and Remediation

Cyber attackers have become increasingly innovative in their techniques and execution. This panel covers the latest methods and practices of cyber-attackers, which is critical for legal and practitioners to understand. For instance, during the aftermath of a data breach, an expert forensic team will typically present its findings to the legal team leading the incident response. The legal team will then determine the nature and substance of any contractual, statutory (federal and state) or other requirements triggered by the attack. Without understanding the nature of the latest attacks and threats, a legal or compliance team can stumble (badly) concerning this critical responsibility and cannot effectively carry out one of the most critical aspects of data breach response — remediation.  

3:10 – 3:20        Break

3:20 – 4:05        After the Breach: Cyber Insurance and Class Actions

This panel will focus on the related area of cyber insurance. Companies have begun taking into account cybersecurity concerns when considering overall enterprise risk management and insurance risk transfer mechanisms, just as they do with other hazards of doing business. Clearly, cyber insurance will eventually become yet another basic element of a company’s insurance coverage, just like property insurance and health insurance. Many companies might even find their customers demanding that the company carry cyber insurance as a matter of good business practice.   

This panel will also address the latest developments involving data breaches and class actions. In addition to the governmental investigations and litigation, the list of civil liabilities after a cyber-attack is almost endless, including shareholder lawsuits for cyber security failures; declines in a company’s stock price; and management negligence. There may also be consumer/customer driven class action lawsuits against companies falling victim to cyber-attacks, alleging a failure to adhere to cyber security “best practices.”

4:10 – 5:00        Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach

Although data breaches are inevitable, companies should still take important and thoughtful preemptive measures to meet their compliance obligations and to help prepare themselves to respond. This panel focuses on preemptive steps that legal and compliance professionals should implement today to not only insure adequate preparation for the latest types of data breaches, but also to assure adequate compliance amid increasing regulatory scrutiny.

5:00 – 6:00       Cocktail Party and Announcement of “Incident Response 30″ Honorees 

Send Us Your Nominations!

IR30 2018 logo -- 100Cybersecurity Docket’s  "Incident Response 30" for 2018 will be announced at Incident Response Forum 2018! Please click here for nomination info.

Corporate Sponsors


Ankura 230x60



Academic Sponsor: Duke Law

Duke LENS 230

Law Firm Sponsors










O'Melveny 230

Ropes &Gray

SheppardMullin 230


Willkie 230