Companies that fall victim to cyberattacks and data breaches may rest a bit easier. On March 7, 2018, FBI Director Christopher Wray informed conference attendees at Boston College that the Federal Bureau of Investigation views companies impacted by hacking incidents as victims and the bureau will not be quick to disclose details of the incidents to other agencies. “At the FBI, we treat victim companies as victims,” said Director Wray.
Possible Dilemma For Companies in Heavily-Regulated Industries
For many companies in heavily-regulated industries, such as those in the financial and healthcare sectors, notifying law enforcement in the wake of a cybersecurity incident can present a dilemma — involve the authorities, who might disclose the incident to regulators, or keep quiet and hope that the regulators don’t notice.
As opposed to other regulatory bodies and state agencies, Wray explained that the FBI does not take an adversarial approach to investigate companies affected by cyberattacks. Director Wray explained, “We don’t view it as our responsibility when companies share information with us to turn around and share that information with some of those other agencies.”
The First Days Are Critical
How a company responds during the first few days after a cybersecurity incident is critical. Given the FBI’s approach to data breach and cyberattack response, Wray noted that companies should promptly report hacking incidents to the FBI, which can investigate the attacks and maybe in a position to help mitigate the risk of future data breaches.
Vernon Litigation Group
At Vernon Litigation Group, we help companies respond rapidly and decisively to data breaches and cyberattacks. Our attorneys can communicate with relevant stakeholders and forensic experts on a privileged basis, evaluate regulatory and legal notification requirements, and serve as conduits to law enforcement, insurance carriers, and impacted customers.
For more information, contact:
Phone: (239) 319-4434