DOJ Releases Updated Cyber Incident Response Guidance for Private Sector Entities

On September 27, 2018, the Computer Crime and Intellectual Property Section (“CCIPS”) of the Criminal Division of the US Department of Justice (“DOJ”) released a revised version of its Best Practices for Victim Response and Reporting of Cyber Incidents. Although primarily targeted to “smaller organizations and their legal counsel,” this guidance on preparing for and responding to cyber incidents may be helpful to private sector entities of all sizes. It expands on guidance issued by CCIPS in April 2015 and is intended to “help organizations prepare a cyber incident response plan and, more generally, to better equip themselves to respond effectively and lawfully to a cyber incident.” The updated guidance addresses new topics, including the impact of the Cybersecurity Information Sharing Act of 2015 (“CISA”) and working with external support such as cyber incident response firms.

Mayer Brown LLP’s partners Rajesh De and Marcus A. Christian with associate Joshua M. Silverstein  report on the new guidance and highlight areas of interest in this Legal Update.

Related Content