Materials — Incident Response Forum 2018

Materials by Topic

I. Data Breach Response/the In-House Team/The Board

Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (March 2017)

Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight, by David Fontaine and John Reed Stark (Cybersecurity Docket, 2016)

Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management, by Phyllis Sumner and Nick Oldham (Directors Governance Center, 2016)

Notes from a Law Firm Chief Privacy Officer: New Demands, by Phyllis Sumner (Law 360, August 2017)

Cyber Alert: 2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends (Alston & Bird, December 2016)

Four Part Series: Top Cybersecurity Concerns for Every Board of Directors, by John Reed Stark (NASDAQ Governance Clearing Center)

New York Cybersecurity Rules: What Firms Need to Know, by Kimberly Peretti and Nameir Abbas (Securities Regulation, Daily, 2017)

Cybersecurity: The SEC’s Wake-up Call to Corporate Directors, by John Reed Stark


II. Managing Retail Data Breaches

Amazon Unfair Practice Case May Affect Data Breach Cases, by Doug Meal, David Cohen and Joseph Cleemann (Law 360, July 2016)

Recent Decisions Highlight Product Cybersecurity Issues, by Heather Sussman, Doug Meal and David Cohen (Law 360, 2016)

St. Joseph Demonstrates Challenges for Breach Plaintiffs, by Doug Meal, Mark Szpak and David Cohen (Law 360, 2015)

Cyber Alert: Security Vulnerabilities: You Don’t Need a Breach to Face Regulatory Scrutiny (Alston & Bird, September 2016)


III. Managing Financial Firm Data Breaches

New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon?, by Jeewon Serrato (contributor among several colleagues)

8 Critical Lessons From Morgan Stanley Cybersecurity Case, by John Reed Stark (October 2016)

SEC Pushes New Limits on Cybersecurity, Securities Fraud, by John Reed Stark (Compliance Week, 2016)

Avoiding Vanguard’s Cybersecurity Stumble, by John Reed Stark (Compliance Week, 2016)

Cyber Alert: NY Governor Cuomo Announces Final NYDFS Cybersecurity Regulations (Alston & Bird, March 2017)

NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls (Sidley, February 2017)

Beyond Disclosure: SEC Reinforces Public Company Cybersecurity Obligations (Willkie Farr & Gallagher, 2018)

Virtual Currency Update: Increased Government Scrutiny and Enforcement (Willkie Farr & Gallagher, 2018)


IV. National Security and Cyber-Attacks

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, by John Carlin (Harvard National Security Journal, 2016)

Opinion: Here’s how the Trump administration needs to boost cybersecurity, by John Carlin (Marketwatch, 2017)

Petya Ransomware Attacks, by Debevoise (Including Luke Dembosky)

The Truth About the Russians and the Elections, by John Reed Stark (Law 360, 2016)

Cybersecurity Requirements Clarified (National Defense, March 2017)

The Risk in Making a Ransomware Payment, by John Reed Stark (Law 360, 2017)

Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (Aspen Institute, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1, by Caroline Krass, et al (Law 360, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 2, by Caroline Krass, et al (Law 360, 2017)

Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers, by John Reed Stark

A Dozen Obvious (and Not So Obvious) C-Suite Takeaways from the 2018 SEC Cyber-Disclosure Guidance, by John Reed Stark

Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, by John Reed Stark

“Cybervandalism” or “Digital Act of War”? America’s Muddled Approach to Cyber Incidents Won’t Deter More Crises, by Charlie Dunlap (Lawfire, 2017)

Are Cyber Norms as to What Constitutes an “Act of War” Developing as we Would Want?, by Charlie Dunlap (Lawfire, 2017)


V. Managing Data Breaches Across Borders

White House Releases Vulnerability Equities Policy and Processes, by David Fagan and Caitlan Meade (Inside Privacy, 2017)

Microsoft-Ireland: Decision underscores tension between privacy principles and the digital environment, by Squire Patton Boggs (Tara Swaminatha) (JD Supra, 2016)

Presidential Cybersecurity Commission Issues Ambitious Policy Roadmap for Next Administration, by Benjamin Powell, Jonathan Cedarbaum and D. Reed Freeman (WilmerHale, 2016)

Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender (Cybersecurity Law and Practice Report, 2016)

2016 Privacy Year In Review, by Winston & Strawn LLP (Feb. 2017)

Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends (Alston & Bird, January 2017)


VI. After the Breach: Digital Forensics and Remediation

Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)

Takeaways, Reminders & Caveats From the Equifax and SEC Data Breaches, by John Reed Stark (Cybersecurity Docket and D&O Diary, 2017)

Hidden Legal Lessons from Anthony Weiner’s Laptop, by John Reed Stark (Cybersecurity Docket, 2017)


VII. After the Breach: Cyber Insurance and Class Actions

High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs, by Douglas Meal, Mark Szpak, David Cohen and Lindsey Sullivan (Bloomberg Privacy and Law Review, 2017)

Cyber Insurance: How to Find the Right Policy, by John Reed Stark (November 2016)

5 Tips for Buying and Reviewing Cyber Insurance, by Scott Godes (Law 360, 2014)

How Insurance Can Protect Your Company, by Scott Godes (Law Journal Newsletter, 2016)

Should Retailers Rely On CGL Coverage For Data Breaches?, by Scott Godes (Barnes & Thornburg, 2015)

Who Gets Coverage? Cyber Insurance and Credit Card Risks: Will Coverage Apply After the P.F. Chang’s Denial?, by Scott Godes (Barnes & Thornburg, 2017)

Cyber-Physical Risks: Are You Covered? (Covington, December 2016)


VIII. Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach 

Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: The Evolving Regulatory Landscape for Investment Advisers, Investment Companies and Broker-Dealers, by Alston and Bird (Including Kimberly Kiefer Peretti) (JDSupra Business Advisor, 2016)

Top Cybersecurity Concerns for Every Board of Directors, Part One: Cybersecurity Governance, by John Reed Stark (NASDAQ Clearinghouse, December 2016)

Alternative Communications Planning and Cybersecurity Incident Response, by Tara Swaminatha (CSO, 2018)

Cybersecurity: Past is Prologue, by Squire Patton Boggs (Tara Swaminatha) (JD Supra, 2016)

Presidential Executive Order on Cybersecurity: No More Antiquated IT, by Jonathan Meyer, John Chierichella and Townsend Bourne (Bloomberg BNA Privacy and Law Report, 2017)

How a Consumer Group’s Cybersecurity Initiative Could Shape the Market, by Dave Thonas, Jonathan Meyer and Abraham Shanedling (Morning Consult, 2017)

Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in IoT Investments, by Jeewon Serrato (Shearman and Sterling, 2017)

NY Cybersecurity Bill Shows “Reasonable Security” Standard Gathering Force, by Debevoise (Including Luke Dembosky) (Debevoise and Plimpton, 2017)


When: Wednesday, April 18, 2018
7:00 am - 8:15 am (breakfast & registration)
8:15 am - 5:00 pm (followed by cocktail party)
Where: Mayflower Hotel
1127 Connecticut Ave, NW
Washington, D.C. 20036
CLE Credit: 6.0 hours (approved in VA and PA)

CLE Info and Forms

CLE forms available here.


Links to materials available here.

Corporate Sponsors

Ankura

Freeh Group

ACA Aponix

Academic Sponsor: Duke Law

Duke LENS

Law Firm Sponsors

Alston

McDonald Hopkins

O'Melveny

Ropes & Gray

SheppardMullin

Willkie