Skip to Main Content
Services Talent Knowledge
Site Search


Our Cybersecurity Team understands the legal, business, and reputational risks associated with evolving privacy and data-protection laws. We offer a full spectrum of services designed to identify, manage, and minimize our clients' exposure to cyber risks.


Cyber Risk

In this digital age, companies thrive on collecting, using, and sharing data. Safeguarding that information is essential—not only to compete in the marketplace, but to comply with ever-increasing layers of state, federal, and international laws governing data and consumer protection. These laws govern every major industry, including banking, energy, health care, hospitality, manufacturing, and real estate.

Failure to comply is increasingly costly; businesses incur billions in incident-response, investigation, and litigation costs every year. And the problem continues to grow.

Our Cybersecurity Team understands the legal, business, and reputational risks associated with evolving privacy and data-protection laws. We offer a full spectrum of services designed to identify, manage, and minimize our clients’ exposure to cyber risks.

As a full-service team of corporate, health care, and trial attorneys, we have extensive experience assisting clients in the following cybersecurity areas:


Before any breach or cyber incident ever occurs, we counsel our clients on how best to protect themselves and comply with evolving state, federal, and international laws governing computer and data security. We also draft cyber policies, data-breach response plans, and information-security plans as required by law, contract, and industry standards.

Risk Management

We review and draft data-security, indemnification, and insurance provisions for M&As and other business contracts to ensure appropriate risk transfer. We work with our clients to evaluate their insurance needs, identify any coverage gaps, and maximize their protection for cyber incidents. We also offer in-person or virtual training on best practices.

Incident Response

We serve as rapid-response “breach coaches,” counseling clients through all legal aspects of the investigation, mitigation, and, if necessary, the disclosure of a breach or other cyber incident.

Investigations and Litigation

We represent our clients in regulatory investigations and other disputes involving data, security, and other cyber incidents. We employ a proactive approach, helping clients avoid or limit regulatory fines, penalties, and other exposure.

Representative Experience

  • Represented a client in a data-breach matter involving financial transactions compromised of criminals using an email phishing scam to gain access to transaction details and redirect payment of $10 million. We coordinated the forensic investigation and addressed legal notifications to affected individuals and regulators in more than 20 jurisdictions.
  • Represented clients in PCI DSS disputes involving data breach of credit-card transactions and PoS systems, including appeals from fines imposed by the card provider.
  • Represented a client in a data-breach event involving an employee who may have compromised security of the client’s system, which resulted in PII being available on the internet. We coordinated with forensic investigators to evaluate the scope of potential disclosure of data and with law enforcement to investigate the employee’s potential criminal conduct.
  • Represented a client in a data-breach incident arising out of an unsecure website and the inadvertent disclosure of private information, including social-security numbers and PHI. We coordinated the forensic investigation, addressed the legal notification to affected individuals and state and federal government agencies, and defended the client in regulatory investigations, including the negotiation of fines and remediation requirements. 
  • Represented a client in a data-breach matter involving a phishing scam that compromised several email accounts. We coordinated the initial response to the breach, including the forensic investigation.
  • Represented a client in connection with a data breach caused by a ransomware attack. We coordinated with forensic investigators and a ransomware expert to respond to the breach and negotiate a ransom payment, counseled the client in providing notice to affected individuals and state regulators in multiple jurisdictions, addressed the legal ramifications of the attack with the client’s customers based on the applicable common-law and contractual and statutory data-security requirements.
  • Counseled clients in devising data-security and data-breach-response plans to comply with New York State’s SHIELD Act.
  • Provided legal advice to clients concerning compliance with cybersecurity obligations under various state laws, including the SHIELD Act.
  • Represented a municipal client in the drafting and negotiation of cybersecurity, indemnification, and insurance provisions of a multi-year management agreement, including separate data-protection guidelines.
  • Represented a commercial real-estate developer in the drafting and negotiation of a payroll services agreement, with emphasis on the contract’s cybersecurity, indemnity, and insurance procurement provisions.
  • Represented clients who suffered damages resulting from a phishing attack and the theft of their down payment for a real estate purchase. We negotiated a pre-suit settlement for the clients.
  • Represented clients in data-breach matters arising out of the compromise of a national cloud-service provider.
Representative Experience
  • Handled a HIPAA privacy breach for a provider involving disclosures to and settlements with the US Department of Health & Human Services Office for Civil Rights (HHS-OCR) and the NYS Attorney General. 



Press Releases

  • Brian Gerling Joins Barclay Damon
  • Barclay Damon Adds Leading Data Privacy and Security Protection Lawyer Charles Nerko to NYC Office
  • Barclay Damon Announces New Practice Group, Practice Area, and Industry Team Leadership


Blog Posts



Featured Media


NYS Submits 1115 Waiver Amendment (Health Equity Reform) to CMS


Federal Court Sanctions Party Where Corporate Representative Answered "I Don't Know" over 100 Times During 30(b)(6) Deposition


COVID-19 Business Interruption Update: Second Circuit Issues Decisions in Favor of Insurers Dismissing Claims


NYS Governor Hochul Signs Bill Expanding the Decision-Making Rights of Individuals With Intellectual and Developmental Disabilities


Board of Regents Adopts Emergency Regulations on the Mental Health Diagnostic Privilege


Utility Companies Not Liable for Substations They Do Not Own, Operate, or Supervise

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out