Saikali Featured in Cybersecurity Law Report on Incident Response Planning

Shook, Hardy & Bacon Partner and Co-chair of the Data Security and Privacy group Al Saikali offers critical steps for developing an effective data breach response plan in an April 27 Cybersecurity Law Report article, “A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: From Data Mapping to Evaluation (Part One of Three).”

In an effort to devise a plan that can mitigate the impact of a cybersecurity attack, Saikali highlights the importance of identifying what qualifies as an “incident,” who should be involved in developing the data security plan (including the role of outside counsel), and how to identify potential risks. Saikali defines a security incident as “the unauthorized access or acquisition of some sort of sensitive information,” and recommends that internal and external teams work together to identity the potential threats.

Noting that there’s a spectrum of severity for data breach incidents, Saikali explains, “Depending on how the response team classifies the incident, a determination is then made as to which vendors you need to bring in and who needs to be involved.” Saikali gives more specific input for dealing with low-priority, sophisticated, and insider attacks.