Important Note: This Information has not been Updated and is Not Current.

Cybersecurity is an important aspect of electronic discovery and any other activity that involves computers and confidential information, including the general practice of law.

Since attorney-client confidentiality is a key component of all legal representation, cybersecurity is critical to the legal profession. All attorneys need a basic understanding of cybersecurity. This domain is dedicated to that educational goal.

On this main page you will find links to articles written by the e-Discovery Team and other sources that will help legal professionals to better understand cybersecurity, followed by FAQs on Data Breach.

For more in-depth reading, go to our separate page listing Must Read Books on Cybersecurity.

For videos, go to our separate page listing Our Favorite Cybersecurity Videos

Cyber_shield_knowledgeOur research in this area is constant and we will continue to update with new, vetted educational materials of all kinds. Please bookmark and keep coming back for more information as you finish your studies of our current recommendations. You may also want to follow Ralph Losey on Twitter to stay current.

U.S. Employees Are Weakest Link In America’s CybersecurityPart One and Part Two (e-Discovery Team, 2014).

The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part One and Part Two(e-Discovery Team, 2014).

Best Practices in e-Discovery for Handling Unreviewed Client Data(e-Discovery Team, 2014).

Podcast Interview of Ralph Losey in 2014 by Sharon Nelson, President of the Virginia Bar, and John Simek, Forensic Engineer, on law firm cybersecurity outsourcing strategies.

The CIA Cyber Security Triad and 9ec4c12949a4f31474f299058ce2b22a, (e-Discovery Team, 2014).

National Institute of Standards and Technology Creates Cybersecurity Standards Framework (e-Discovery Team, 2014).

2014 Cost of Data Breach Study(Ponemon Institute); also see good summary of the study by infoRisk Today and the FAQ below adopted from the Ponemon study.

HEARTBLEED: A Lawyer’s Perspective On Cyber Liability and the Biggest Programming Error in History,  (e-Discovery Team, 2014).

From Hit and Run to Invade and Stay: How Cyberterrorists Could Be Living Inside Your Systems, Alan E. Brill, Senior Managing Director, Kroll Cyber Security & Information Assurance. Published in Defense Against Terrorism Review Vol.3, No. 2, Fall 2010 at pages 23-36.

The Cyber Threat and How to Respond. Audio podcast by Alan Brill.

Cyberterrorism: An Overview by Vipin Kumar Singhal (Indian Council for Social Science Research, 2014).

eDiscovery Pest Control: Dealing with the Internet Explorer Bug (Kroll Ontrack, informal blog, 2014).

2014 Cyber Security Forecast (Kroll Report, 2014).

The Evolution of Data Breach Response Amid Growing Concerns and Expectations (Kroll White Paper).

Managing threats in the digital age (IBM, executive report).

FireEye Blog: Current information and insight on advanced threats. Also see FireEye white papers.



Adopted in part from the Ponemon Institute’s
2014 Cost of Data Breach Study: Global Analysis

What is a data breach? A breach is defined as an event in which an individual’s name, plus a medical record, or financial record, or credit card card might be put at risk.

Root-Cause-of-Data-Breach_2014What are the main causes of data breach? There are three main causes of a data breach: (1) malicious or criminal attack, (2) system glitch, or (3) human error. The costs of a data breach can vary according to the cause and the safeguards in place at the time of the data breach. As you can see from the chart in the 2014 Ponemon report, 42% of the reported data breaches were caused by malicious attack, 30% by human error (ei – oops, lost my drive!), and 29% by system glitch (catch all, blame it on the computer).

What is a compromised record? Information that identifies an individual whose information has been lost or stolen in a data breach. Examples can include a retail company’s database with an individual’s name associated with credit card information and other personally identifiable information. Or, it could be a health insurer’s record of the policyholder with physician and payment information. In the 2104 Ponemon Institute study the average cost to the organization if one of these records is lost or stolen is $145. The chart below breaks down the average costs according to cause of loss. As you can see, data loss from a malicious attack causes the greatest per record damages, with an average cost of $159 per record.


Can the average cost of data breach be used to calculate the financial consequences of a mega breach such as those involving millions of lost or stolen records? Not really. The costs of a mega breach can be much higher. The average cost of a data breach in the Ponemon Institute research did not apply to catastrophic or mega data breaches because these are not typical of the breaches most organizations experience. In order to be representative and draw conclusions from the research  useful in understanding costs when protected information is lost or stolen, the Ponemon Institute did not include data breaches of more than approximately 100,000 compromised records.

What can you do to reduce the cost of a data breach? There are many actions you can take now to reduce the damages that a data breach might cause. The Ponemon Institute survey considered many of the important factors that can impact the cost of data breach as shown in their chart below.


In addition to the factors that the Ponemon survey considered, I would add employee training. That is a key ingredient in the bottom four factors, which have the greatest savings impact. Training is critical to maintain a strong security posture and to implement an incident response plan. It is also important to BCM, which means business continuity management. This requires all levels of management to have a basic understanding and involvement with cybersecurity. The CISO appointed factor means that an organization has a Chief Information Security Officer with enterprise-wide responsibility. Part of that responsibility should include training.

How do data breach notification laws in the U.S. impact notification costs? As shown by the below Figure 15 of the Ponemon study,  companies in the U.S. have a significantly higher cost to notify victims of a data breach. India and Brazil have the lowest costs. Notification costs typically include IT activities associated with the creation of contact databases, determination of all regulatory requirements, engagement of outside experts, postage, secondary contacts to mail, and inbound communication set-up.


What are post data breach costs? There are many other costs associated with a data breach in addition to the notice related costs. The costs typically include help desk activities, inbound communications, special investigative activities, remediation, legal expenditures, product discounts, identity protection services, and regulatory interventions. The Ponemon study measured these average post data breach costs by country. The highest was again the U.S., the lowest was India. Figure 16 from the  study below shows the distribution of average costs associated with after-the-fact activities for 10 countries.


What are lost business costs? Lost business costs include the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. These costs can be devastating to a business. There are other costs that are impossible to quantify, such as business interruption. Think of the impact Target’s data breach had on operations, including the resignation of it’s CIO and resignation of its CEO. The Ponemon study again measured these average lost business costs by country, and remember these were averages. The highest was again the U.S. with an average loss of $3.3 million per event, and the lowest again was India at $252,876.


How did the Ponemon Institute calculate the cost of data breach? To calculate the average cost of data breach the Institute collected both the direct and indirect expenses incurred by the organization. Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.

We recommend that you download and study the entire Ponemon report: 2014 Cost of Data Breach Study: Global Analysis.

6 Responses to Security

  1. […] thing that’s new that I’ve been working on is cybersecurity. So, one of my websites is where I talk about the need for lawyers and companies when they’re doing eDiscovery to be […]


  2. satyam7252 says:

    eDiscovery market is expected to witness a steady growth, expanding at a CAGR of over 13% from 2016 to 2023.
    Growing volume of digital data across enterprises and government agencies and introduction of government initiatives and support to implement EDiscovery process in large-, small- and mid-sized enterprises is driving growth of the EDiscovery market worldwide.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: