Verder naar navigatie Doorgaan naar hoofdinhoud Ga naar de voettekst

SEC Cyber Security Disclosure & Breach Litigation:

8 Tips for Choosing a DFIR Partner

07 oktober 2024

door Bill Powell

What are the challenges of the new SEC cyber security disclosure rules?

The SEC cyber incident disclosure requirements have created new pressures for publicly traded companies—and likely more headaches for CISOs facing cyber security incidents. 

Before December 2023, companies could decide when, how, and what to disclose after an incident, or they could wait for litigation to arise. Now, the SEC mandates filing Form 8-K within four business days of a “material” cyber security incident, including disclosure of specific aspects and any impacts. This data is publicly available in the EDGAR database, and CISOs must personally sign their name on the form.

Because the stakes are so high, companies and the cyber security and compliance law firms they rely on have grown to need Digital Forensics Incident Response services they can trust to navigate disclosure and breach litigation. But simply compiling a forensics report isn’t enough—and could actually be too much, depending on the circumstances. 

Instead, cyber legal firms need an experienced forensics team that deeply understands the requirements and what’s at stake. You’re looking for experts who have worked cases from multiple angles and know how to discover and preserve evidence—and let the lawyers do the lawyering. 

You want a trusted partner who can help you provide peace of mind to the CISO and who’s personally and professionally accountable for the outcome. And, let’s be honest, you need a team that will make your firm look good in the eyes of the client.

How to choose the best DFIR team for cyber security risk management and incident disclosure

Beyond technical expertise, here’s what to look for in a holistic DFIR partner that supports disclosure, defense, and good governance to avoid future incidents:

 

1) A team that understands the assignment. 

Deploying specialized forensic experts in a timely manner is crucial to any incident response. The response team will quickly assess your organization’s IT and infrastructure, data, policies, and procedures, then properly communicate the response team’s findings through appropriate channels.

As various legal jurisdictions continue to develop judicial precedents for IT incident responses, you want a team that understands the specific challenges your company faces the moment an issue is discovered, during any level of dual-track investigations, and continuing beyond any potential legal process.

 

2) Law enforcement experience. 

While forensic analysts and cyber security experts bring value, the ideal DFIR team includes cybercrime specialists and investigations professionals who’ve worked in law enforcement. You want a team that speaks the legal language (who knows that a “breach” is a legal finding, not a technical one, for example) and understands how to handle evidence.

For example, the DFIR team at NCC Group includes multiple digital forensics examiners, former Cyber & High-Tech Crimes task force members, and expert witnesses with courtroom experience who understand what’s required to build and present a compelling defense. 

 

3) Data diligence and security.

The DFIR process often involves or turns up proprietary data that you’ll want to protect. However, do you really know who’s on your cyber defense team? Data sovereignty is just one piece of the puzzle in scenarios involving sensitive customer data, trade secrets, or government operations.

To reduce risk, you need a partner who has thoroughly vetted any third parties and personnel involved in your case. Unauthorized access to sensitive business data in cloud environments can have severe consequences, and the last thing you want to do is turn one incident into another. 

 

4) The synchronicity of a SWAT team. 

A SWAT team operates in perfect synergy; they move as a single unit, communicate seamlessly, and anticipate each other’s needs. They don’t stop and discuss logistics as they’re breaking down a door. Your DFIR team should operate the same way- with precision, cohesiveness, and innate synergy because they know their roles, anticipate needs, and have drilled their process so many times that it’s second nature.

 

5) Carrier considerations.

Insurers play a massive role in DFIR and cyber defense, and your DFIR partner should understand carriers’ concerns, priorities, limitations, and what it takes to minimize cyber risk. A DFIR vendor should have a lock on the carrier’s perspective, along with the knowledge and threat intelligence to leverage unique insights to enhance underwriting.

 

6) Clear communication.

Beyond speaking legalese, your DFIR team should also communicate technical findings in an accurate, actionable, and consumable manner, “translating” incident details into actionable language for the layperson. The ability to explain case specifics in nontechnical language helps your firm understand the risks and ramifications so you can better serve your client.

 

7) An ally to counsel.

 Your job is to protect your client, and you’ll succeed with a DFIR partner in your corner. If they discover challenging evidence, you want a team that will pick up the phone and talk you through it. A team able to help you understand the implications and prepare a strategy rather than blindsiding you in front of the client. They should make your job easier, not harder, and support your work.

 

8) Comprehensive cyber support.

Beyond compiling incident evidence, the ideal DFIR provider will also offer a complete suite of cyber security solutions to help your clients prepare for, recover from, and reduce incident impact. A team that brings threat intelligence, risk assessment, and remediation expertise to the table is a massive bonus for your client and positions you as a vital partner in cyber defense. 

The importance of trust and discretion in managing breach disclosures

When the CISO’s personal reputation is on the line, your organization will need cyber defense support they can trust to manage SEC breach disclosure requirements with discretion, a legal-minded approach, and a holistic perspective. 

While many pure-play incident response providers can get you through the basics, experts like NCC Group’s DFIR team become trusted partners in delivering comprehensive defense and cyber resilience strategies that reduce client cyber risks and give CISOs peace of mind.

Having experienced cyber and litigation support partners on your team gives your organization a competitive advantage to do what you do best: provide sound legal strategy and guidance that builds trust and loyalty with your clients.

 


 

Bill Powell

Bill Powell

Director of Digital Forensics and Incident Response, NCC Group NA

Bill Powell, based in Central Florida, leads North America's Digital Forensics and Incident Response (DFIR) team. Bill is an experienced DFIR leader and practitioner with a background in incident response and conducting PCI Forensic Investigations. Before that, he worked in law enforcement, performing digital forensics in a Cyber & High-Tech Crimes task force and providing expert testimony.

His law enforcement background and experience with law firms and internal counsel enhance our value proposition in North America, where adhering to strict attorney-client privilege protocols during incident response cases and internal investigations is a becoming a must-have.

Bill also brings a wealth of experience working with cyber insurance carriers and brokers.

Cyber defense and business resilience from code to courtroom.

To learn more about partnering with NCC Group for Digital Forensics & Incident Response services, contact our team today.