How Attorneys Are Harming Cybersecurity Incident Response (June 2023)
Abstract: Incident Response allows victim firms to detect, contain, and recover from security incidents.
It should also help the wider community avoid similar attacks in the future.
In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.
The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small number of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators.
The second stage showed that lawyers, when directing incident response, often: introduce legalistic contractual and communication steps that slow down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced.
We're not able to learn from these breaches because the attorneys are limiting what information becomes public.