Business Lawyers/Corporate Counsel Services

Reduce Your Client’s Cyber Risks and Liability

Cyber threats present a real and sometimes existential threat to your clients

67% of cyber-attacks are directed towards small to medium-sized businesses, with the average data breach costing the company $200,000. Most alarmingly, 60% of small businesses fail within six months of a significant cyber event.

“My clients are asking me what they should do about cybersecurity – How can I help them?”

“I have a client firm that is rapidly growing but doesn’t seem concerned about cybersecurity – What should I tell them?”

“My client has just been breached and is worried about being sued – How can I best prepare them?”

Benefits

  • Reduce your client’s cyber liability – reduce costs to your client in terms of litigation/remediation/insurance premiums

  • Avoid client business slowdowns or stoppages

  • Help clients maintain their brand image

  • Craft more advantageous transactions by fully understanding information assets and liabilities

  • Safeguard client information during data breaches

Below are some threat scenarios that might attack your clients:

Loss of all business data: Ransomware attacks can encrypt all the files on a business’ network, including cloud-based storage. A business victim loses access to all of its data, leading to an operational stoppage. They are given a choice of two bad alternatives:

  1. Pay the ransom, which is usually in the thousands or millions of dollars, and hope that the criminals provide the keys necessary to unlock the needed information.
  2. Not pay the ransom and risk losing all essential business information

In 2019, the money exchange firm Travelex was hit with a file-encrypting malware attack which shut down its internal networks, website, and apps for several weeks. 

Read More

Loss of all business data: Ransomware attacks can encrypt all the files on a business’ network, including cloud-based storage. A business victim loses access to all of its data, leading to an operational stoppage. They are given a choice of two bad alternatives:

  1. Pay the ransom, which is usually in the thousands or millions of dollars, and hope that the criminals provide the keys necessary to unlock the needed information.
  2. Not pay the ransom and risk losing all essential business information

In 2019, the money exchange firm Travelex was hit with a file-encrypting malware attack which shut down its internal networks, website, and apps for several weeks. Reportedly Travelex paid a ransom of $2.3 million in Bitcoin to the dark actors to regain access to their data and restore services. The incident crippled the company’s customer services for weeks.

In 2020, a small business based out of Kentucky was the victim of a ransomware attack. The firm’s network consisted of only eight computers, and the hackers locked down everyone. The hacker initially demanded $400,000 to unlock the business’s information, and the small business eventually paid $150,000. “This isn’t a matter of ‘do we pay them?’ It’s a matter of how do we pay them? Because if we don’t pay them, we don’t have a way out of this, and the business stops, so it’s quite a scary situation.”

Ransomware attacks have increased by 150% during 2020. The average attack caused 18 days of downtime for the affected companies, while the average ransom amount increased almost twofold to $170,000.

Compromise of sensitive data: For many businesses, maintaining the confidentiality of sensitive information is crucial to its success. Negotiations involving contracts, lawsuits, or mergers and acquisitions can grind to a halt when sensitive information is compromised. Hackers often seek customer information, employee data, intellectual property and trade secrets, operational and inventory information, and industry-specific data. In 2021, the national law firm Jones Day was breached by the hacker group ^CL0P. 

Read More

Compromise of sensitive data: For many businesses, maintaining the confidentiality of sensitive information is crucial to its success. Negotiations involving contracts, lawsuits, or mergers and acquisitions can grind to a halt when sensitive information is compromised. Hackers often seek customer information, employee data, intellectual property and trade secrets, operational and inventory information, and industry-specific data.

In 2021, the national law firm Jones Day was breached by the hacker group ^CL0P. Millions of highly sensitive documents were posted on the dark web, negatively affecting many legal matters handled by the firm. This breach was widely covered in the media, and Jones Day is now facing multiple class-action lawsuits and damage to their brand.

Loss of funds: An email compromise attack on a business can dupe employees into unwittingly transferring funds into accounts controlled by hackers. Once these funds are transferred, it is unlikely they will never be recovered. Cybercriminals often target smaller businesses without sophisticated security controls yet still routinely make large money transfers. Examples include car dealerships and title companies. In 2015, Xoom Corporation, an international money transfer organization based in California, was victimized when spoofed emails were sent to the company’s finance department.

Read More

Loss of funds: An email compromise attack on a business can dupe employees into unwittingly transferring funds into accounts controlled by hackers. Once these funds are transferred, it is unlikely they will never be recovered. Cybercriminals often target smaller businesses without sophisticated security controls yet still routinely make large money transfers. Examples include car dealerships and title companies.

In 2015, Xoom Corporation, an international money transfer organization based in California, was victimized when spoofed emails were sent to the company’s finance department. This spoof email resulted in the transfer of $30.8 million in corporate cash to fraudulent overseas accounts. The CFO resigned, and the company’s audit committee authorized an independent investigation by outside advisors. Because of this, the company stock dipped by a jaw-dropping 14%, or approximately $31 million.

In 2019, a couple in the Washington DC area received a message from their title company to transfer funds of over $1 million ahead of their home purchase. The couple sadly found out a month later that the instructions were not from their title company. The subsequent investigation found that a hacker had taken over the title server’s emails. The compromise of business email accounted for 37% of all cyber-attacks in 2020, resulting in a $2.1B loss to businesses.

 

Increased liability and operating costs: Cyber-attacks can lead to extensive downtime, lost data, remediation costs, and lawsuits. Cyber liability insurance is becoming more difficult to obtain at reasonable rates as underwriters become more aware of cyber threats. As a result, insurance companies are shifting from simple self-assessments to more thorough assessments by outside groups. In 2017, the international shipping company Maersk was hit with the Petya malware, locking its networks across Europe. 

Read More

Increased liability and operating costs: Cyber-attacks can lead to extensive downtime, lost data, remediation costs, and lawsuits. Cyber liability insurance is becoming more difficult to obtain at reasonable rates as underwriters become more aware of cyber threats. As a result, insurance companies are shifting from simple self-assessments to more thorough assessments by outside groups.

In 2017, the international shipping company Maersk was hit with the Petya malware, locking its networks across Europe. Though It was able to recover from the attack, the estimated cost to Maersk was between $250-300 million.

“Until you have experienced something like this, you don’t realize just what can happen, just how serious it can be – I had no intuitive idea on how to move forward.”

Maersk CEO Soren Skou – Financial Times, 14th August 2017

Damaged brand reputation: Loss of brand and reputation after a cyber-attack can significantly impact businesses. Large companies may be able to absorb the loss of customers that results, for small to medium size companies, reputation damage and loss of customers can prove devastating. 

Read More

Damaged brand reputation: Loss of brand and reputation after a cyber-attack can significantly impact businesses. Large companies may be able to absorb the loss of customers that results, for small to medium size companies, reputation damage and loss of customers can prove devastating.

When personal data has been exposed or stolen, customers feel betrayed. Company privacy policies may not be read, but customers believe that any company that collects their personal data has a responsibility to protect it. A data breach is seen as a breach of the company’s commitment to keeping personal data private and secure. Many customers will take their business elsewhere after such a privacy violation.

Reputation loss after a cyber-attack can also make it hard to find new customers. Once information about a breach has been made public, it can be enough to see potential customers avoid a brand.

Previous studies suggest that as many as one-third of customers will stop doing business with a company that has experienced a data breach. A study by Gemalto paints an even bleaker picture. In a global survey of 10,000 individuals, 70% claimed they would stop doing business with a company that had experienced a data breach.

The news of a data breach will travel quickly today as a result of social media. Many customers will hear about it, and many of them will panic as a result. Some of them will automatically withdraw support for a company as a result.

Code Spaces, a former SaaS provider, is one of nearly 60% of the small businesses that failed within six months of being hacked. The company was accessed via its Amazon Elastic Compute Cloud control panel. The hackers erased data, backups, offsite backups, and machine configurations before attempting to extort the business by claiming a “large fee” would resolve their issues. Code Spaces took steps to change all of its passwords, but the damage was already done. The criminal had already created backup logins. Code Spaces was unable to continue operations and acknowledged that the company had suffered debilitating damages to its finances and reputation.

Our Services Include:

  • Cyber Assessments: We examine all aspects of an organization’s information system, accounting for people, processes, and technology. We let you and your client know their risk profile, help business leaders develop a risk appetite strategy, and develop a roadmap to move organizations to a better security posture. Our cyber assessments also are used to evaluate organizations being considered for acquisition or being readied for sale.
  • Cyber Planning: Our team of technology and security experts works with your client to develop a comprehensive strategy to reduce their information security risk. Working with your client’s IT department and existing infrastructure, our solutions are a thoughtful balance between security and operations.
  • Incident response: Responding to a significant breach is a precarious moment for a business. Money, data, and reputation are at stake. Our team works hand in hand with your clients to quickly isolate the problem, remediate affected systems, and restore operations while maintaining attorney-client confidentiality.
  • Insider Threat Programs and Investigations: Not all cyber threats originate from outside an organization. Our team includes some of the top insider threat experts in the country. We can help your client identify and address an existing inside threat or design a program to reduce an inside threat before it occurs.

Bawn is here to support your needs.
Call us at 888-477-2296 for a free consultation.