Incident Response: 5 Principles to Boost the Infosec/Legal Relationship

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.

As an information-security professional, would you feel ready to respond to a state attorney in the event of a cyber-incident?

Around half (47 percent) of organizations polled for Kroll’s The State of Incident Response 2021 report said that their teams lack clarity around when to engage legal counsel about a potential incident. The potential impact of current and emerging cyber-incidents is so great that cybersecurity can no longer remain solely within the scope of an organization’s information-security team. The multi-layered nature of incident response demands input from resources across an organization, particularly legal.

We’ll go through five key approaches for helping the infosec and legal teams work together in partnership, but first let’s review some general best practices.

At least two in five organizations are currently ill-equipped to respond to the full legal requirements of handling an incident, while 43 percent are missing a clearly defined process to communicate with regulatory agencies. In many organizations, legal teams remain a significant blind spot within infosecurity programs. It is imperative that they ensure that these
