When disaster strikes, we have a core incident-response team that is always “on call,” and we can respond immediately to help triage an ongoing incident and coordinate all aspects of the response, from investigation through notification and regulatory inquiries. Our team members are both diverse in background and in the industries they serve. We believe a core team, tuned to the client’s needs and legal and business priorities, helps ensure targeted focus on the client’s specific needs.

Shook has strong relationships with leading vendors at every stage of an incident response: the top forensic firms, data-review firms, notification-service providers, call-center providers, crisis-management advisors, and credit-monitoring services—even ransomware negotiators.

We have represented numerous clients in responding to the most active state attorneys general, including representatives from Indiana, Massachusetts, New York, California, Connecticut, North Carolina, Florida, and many others. We have also represented companies in responding to formal data requests from the Health and Human Services Office for Civil Rights, and the New York Department of Financial Services. We draw on our deep experience and relationships with regulatory enforcement authorities to the advantage of our clients.

Our clients also rely on us to advise on the wide range of laws that affirmatively impose a duty on businesses to maintain an information security program—from those simply requiring “reasonable security” at a high level to highly prescriptive and granular laws. We offer a comprehensive suite of services to help clients gauge and implement their information-security programs, including gap analyses, policy and procedure drafting, oversight of security assessments, and tabletop exercises with simulated data breaches.

If you suspect you've been impacted by a cybersecurity incident, contact the Shook IR team at SHBIncidentResponse shb.com.