How to estimate legal costs from a data breach.

CTRL+F to jump to these topics

Disclosure Complexity: How much work is the initial disclosure?

  • Legal Fees: Lawyers will advise on what disclosures are required. Industry regulation, contract commitments, international, federal, and state.
  • Employee Time: First, there will be effort in deciding how to deliver the news. Your organization might not be good at delivering news outside of your normal channels with targeting to specific victim cohorts. (“50k accounts were accessed, 1k, had data viewed, and 35 were compromised, so we need to email three cohorts in N jurisdictions”)
  • Both: A large group of comms, engineering, and lawyers will fight over the language of the actual disclosure. There may be meetings simply to debate word choices trading between human language and liability.

Next: A matter of whether you’ll be sued or not.

Litigation Probability: Will it even happen?

Next: If we see litigation, how expensive is it?

Multiple Litigators: If litigation happens, how many litigators?

Class Actions: Becoming more likely with consumer tech.

Discovery Costs: Ranging from zero to absurd.

Settlement Costs: Highly variable depending on the business.

Indemnification Costs: Your contract language may multiply costs.

Sample contract language from educause

Trial Costs: Did you go to trial or not? Was it lengthy?

Regulation: Temporary or permanent modifications to business.

The takeaway

  1. This review of legal costs (You’re reading it)
  2. Valuation of non-monetary penalties
  3. Estimating the $ of a security incident
  4. Imposed risk (The value of risk organizations)




Writing about risk, security, and startups.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Liability Risks of High-Profile Security Breaches

PwnLab_inti —

#MerryCryptoChristmas2020 Campaign to Celebrate Christmas Season

{UPDATE} 悠悠升级 Hack Free Resources Generator

Do you care about your Cyber security?

Why Should I Care About Privacy? I Have Nothing to Hide.

Hack This Site: Realistic Web Mission — Level 6

Hack This Site: Realistic Web Mission — Level 6

January with epns

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ryan McGeehan

Ryan McGeehan

Writing about risk, security, and startups.

More from Medium

What is 5G Security?

2021 in Review: The Most Damaging Cyber Attacks of the Year

Daily tips to gain more privacy from Murena team

Cyber Guidance for CEOs: Homeland Security Warns of Heightened Cyber Threats to U.S.