How to estimate legal costs from a data breach.

CTRL+F to jump to these topics

Disclosure Complexity: How much work is the initial disclosure?

  • Legal Fees: Lawyers will advise on what disclosures are required by industry regulation, contract commitments, and international, federal, and state law.
  • Employee Time: First, there will be effort in deciding how to deliver the news. Your organization might not be good at delivering news outside of its normal channels, targeted to specific victim cohorts. (“50k accounts were accessed, 1k had data viewed, and 35 were compromised, so we need to email three cohorts in N jurisdictions”)
  • Both: A large group of comms, engineering, and lawyers will fight over the language of the actual disclosure. There may be meetings simply to debate word choices, trading off human language against liability.

Next: A matter of whether you’ll be sued or not.

Litigation Probability: Will it even happen?

Next: If we see litigation, how expensive is it?

Multiple Litigators: If litigation happens, how many litigators?

Class Actions: Becoming more likely with consumer tech.

Discovery Costs: Ranging from zero to absurd.

Settlement Costs: Highly variable depending on the business.

Indemnification Costs: Your contract language may multiply costs.

Sample contract language from Educause

Trial Costs: Did you go to trial or not? Was it lengthy?

Regulation: Temporary or permanent modifications to business.

The takeaway

  1. This review of legal costs (You’re reading it)
  2. Valuation of non-monetary penalties
  3. Estimating the $ of a security incident
  4. Imposed risk (The value of risk organizations)




Writing about risk, security, and startups.

Ryan McGeehan
