LEVICK | September 20th, 2017
How to Respond to a Cyber Attack

By Paul Ferrillo
Intelligent responses depend on three elements:
1) Incident Response Planning
2) Business Continuity Planning
3) Crisis Communication Planning
There are numerous articles and memos deal with the topic of incident response, business continuity, and crisis communication plans. Many have been distributed through media outlets even. So you may be asking: why us, why now, and what more could we possibly offer in this space?
We think the answer is pretty simple: sometimes you can’t get enough of a good thing. Similarly, there are fundamental topics that people still are having problems with. One subject area that evidently needs work is responding confidently to a cyber attack in an intelligent and public manner. There are a great deal of texts and certifications out there on these issues (some better than others of course), but if we could, we’d like to give you some “basic street talk†on these issues. Essentially, we want to present to you the issues in a way that you could discuss while having a coffee or drink.
We won’t name names, but there are real-life examples of “good†responses. You intuitively know a good response. You feel a level of confidence that the company has the facts, knows the circumstances of what has happened, and is going “full steam ahead†to clean up whatever the mess is. Despite the situation being bad, you know that whoever is steering the ship has things “under control.â€
And then there are the “other†responses. You intuitively know a bad response also. It™’s the one with the bad smell, the train wreck you can’t watch but still want to, and the one where you throw up your arms and say to yourself “are you kidding me?! Did you really do that [or say that publicly?!â€} In cases like this, you’ll normally see a swarm of regulators, stakeholders, investors, and the public directing a lot of “suspicion†to the organization and its executives.
Like we said, not naming names, but we want to give you some quick thought as to what we feel works and what does not work when you have a cyber train wreck at your fingertips. Here goes:
Incident Response Planning
There are plenty of things that often come up concerning the importance of incident response (or “IR”) planning. First, the importance of having a plan cannot be understated. The worst time to figure out what to do or say if there is in the middle of a cyberattack. For instance, Internet access might get disrupted, files might get encrypted, executives might get fired or suddenly retire, or revelations might occur indicating a major loss of customer information or financial data. All of these issues might indicate a range of problems from either a “manageable” to a “catastrophic” problem depending upon what happened. Problems get further compounded if the company is publicly traded, or is regulated by a federal or state agency (such as the SEC or the NY DFS) where the timeliness and accuracy of disclosures matter greatly, along with the reputation of the company or firm being attacked.
All stuff you know so far. Now comes the moment of not mucking it all up.
1) The IR Plan needs to be practiced often and not left in the desk drawer waiting for the first disaster to strike. Do even the top athletes of the world practice before the big game? Yes. They do. So if the very best need practice for something routine (like playing a game they’ve played their entire life), you can sure as bet you need a lot of practice for something that is hopefully not routine. And practice your IR plan with all people internally, such as the board, executives, IT, HR, and the general counsel™’s office. It™’s not a bad idea to have an outside lawyer and cyber forensic advisor as well because, in a real disaster, you’re probably going to need them too. Failure to practice your IR plan is more or less the number one “YOU LOSE!†issue we see.
2) We recognize you have limited resources and can’t think of every possible disaster, but you need multiple plans and you need plans to test your limits. Practicing touch football will do little for you if you’re preparing for the Super Bowl. So think small and large breaches in various forms, such as DDoS, ransomware, insiders, corporate espionage, and depending on your size, even nation-state attacks. Make sure all of your plans have mechanisms to notify/activate the right people. This includes law enforcement, regulators, stakeholders, and investors. And plans can’t stay static, so keep in mind that plans need to address personnel changes and organizational restructures. No two cyber attacks are alike, so all IR plans cannot be alike either.
Practice hint: if you are multinational, you should have different regional plans and see if and how they would need to interact, particularly if an attack in jurisdiction A can have an effect on jurisdiction B. Different people involved, different laws, different vendors. You need to know all this stuff ahead of time.
3) Who™’s the boss? You need an incident commander. Somebody needs to be in charge (they may be able to hand off if the situation changes) but somebody has to be the boss. Crisis handling by committee usually ends up in a boilover. Identify who needs to be the boss for the scenario at hand and who their support team will be. Sometimes it™’s the CEO taking all the hits. Sometimes is the general counsel leading, with the CEO being the public face. Other times it™’s a technical specialist running the table internally, but helping the PR team craft the external message. Experienced crisis management firms are helpful for disclosures, but if you go this route, make sure they know have experience in cybersecurity issues, because cyber is an animal we still do not know well. Just be sure to have somebody calling the shots.
4) Timing is everything, especially for public companies that are trading daily on information available to investors. We are often told that we should “just get the information out there†and there is a reason for that advice, but be prudent. Trying to outrun a potentially out of control speeding locomotive without some safety precautions could result in…well, use your imagination. With that said though, don’t sit back to watch and enjoy the show because once that train cross state lines, you may have no control at all. We admit this is not an easy task. You have to find that sweet spot between “doesn’t have its act together†or “is potentially hiding something.â€
Business Continuity Plans
Business Continuity Planning (or “BCPâ€) is an essential part of corporate resiliency. We see them activated for issues like natural disasters (like flooding) and even terrorist strikes. But in the face of cyber attacks, they are more important than ever. Effective BCP helps get you back in the game sooner. This is critical because too much downtime could completely destroy your business. Think of it like this: you have the ability to bend while others are breaking. And just like IR and crisis management have evolved, so has BCP. Therefore, lead with skepticism if your BCP is being conducted by somebody who has little understanding of cybersecurity issues.
Good BCP relies on proper investigation and remediation of attacks. Forensic cyber experts and lawyers are well versed in these issues. And BCP relies on IT experts who create proper, segmented, offline backup media (daily!…and is regularly tested to ensure it will actually work in a time of crisis) so that the endpoints and network assets can be restored quickly and easily. Reminder: #BackItUp!
Here is a thought for your scenario testing and planning: take your busiest day or time period, say Black Friday or the two weeks before Christmas and imagine losing your services to whatever scenario (ransomware, DDoS, etc.). Just play out your nightmare scenario and see how you’d deal with it. PS – we just took out your first line of third-party suppliers/vendors/experts because of supply chain integration. They’re down now too. What do you do now? PPS – Sorry, but don’t say we didn’t warn you!
Just like with IR, review, update, and test BCP regularly. Businesses are dynamic. We have accepted that into our corporate culture. But we have not necessarily adopted the same feeling in terms of continuous improvement for IR or BCP. These are those things where we don’t see return-on-investment until they’re actually needed. Just remember things can always be improved and in this modern interconnected world, effective BCP must deal with the variety and complexity of vendor dependency. Long gone are the days where you could do everything “in-house†unfortunately, so you need to regularly review and update vendor roles and responsibilities.
Crisis Communications Planning
The worst time to exchange business cards is in the middle of a crisis. Over-thinks cause delays. Analysis paralysis can turn a press release into a bunch of gobbledygook. And seriously, do you really want to be doing this for the “first time†during a crisis?
You see, crisis communications are there to manage the intangible, the things that rely on confidence, such as reputation and market capitalization. You may, in fact, have your act together but if the message coming out of your organization seems like utter chaos, the public will make up their mind on that information, not what is actually going on. If you accept for a moment that emotions and images are more powerful in impacting our decision-making over rationality and words, then you see our point of view crystal clear. So toss out the window you are in control of this situation (in terms of how the public views you) and do your best to manage what you have to deal with. Here are a few pointers to help with the management.
1) A pre-meet with the FBI and Secret Service is not a bad thing. In fact, we strongly believe in doing so. Why? Go back to our “worst time to exchange business cards is in the middle of a crisis†comment. Meeting beforehand gives all parties a chance to meet without someone™’s hair being on fire (and incredibly reduces the possibility of an errant punch to the face when frustrations boil over). During the pre-meet, you can discuss systems and IT networks. You can also discuss expectations and levels of support. It makes a difference. And of course, you do that good ole fashioned thing called “building a relationship†with persons and institutions. There are instances where a pre-meet, coupled with time and accurate disclosure, have discouraged lawsuits. This is a very good thing. So remember, a friend in need is a friend indeed. And if you got a nation-state or transnational crime syndicate smashing through your network (or being the stealthiest little bugger you have ever encountered), having friends of this kind are good to have.
2) Pre-draft your disclosures for different scenarios. Much like planning for different attacks, having these different templates in your back pocket saves you valuable time. Consider that most significant breaches will require disclosures to regulators, shareholders, investors, employees, and others. The European Union™’s GDRP has given consumers a mighty hammer and if you’re not ready for the GDPR, you may be facing a world of hurt on that (keep an eye out for the #CyberAvengers playbook coming out soon which talks more about the GDPR). And some of you may giggle at this, but have some disclosures ready to go with 140 characters. In case you haven’t noticed, Twitter, social media, and bloggers sort of play a big role these days. It™’s your way of speaking directly to the people without an intermediary filtering your message.
3) Use people who have experience. This point is the pièce de résistance. As we mentioned above a few times, it is important for all companies to project an air of confidence in the middle of a breach. Confidence goes a long way. It shows the company has its act together. It shows that it understands and appreciates its different constituents. It can move markets. Somebody who understands all these moving parts are a system – not a bunch of individual goals – can turn a crisis into a success within 72 hours. But don’t be fooled, these skills are not acquired overnight. A good way to identify somebody experienced is if they (FIGURATIVELY!!!) have been battered, bruised, full of battle scars, but are still going on with a smile on their face, plugging away.
On a final note, with the advent and increasing prevalence of firm state, federal and international breach disclosure timing standards, time has become even more precious. Having ready-to-go-IR, tested BCP, and executable crisis communication plans not only save you time, but could save you from the enormous tangible issues, like fines and penalties, and spare you the intangible carnage, like stock price drops and reputational damage.
Don’t lose in minutes what has taken you years to build just because you think it is okay to cut a few corners or believe “this won’t happen to me.†As the old vaudeville joke goes: “How do you get to Carnegie Hall? Practice, practice, practice.â€
LEVICK | September 20th, 2017
How to Respond to a Cyber Attack

By Paul Ferrillo
Intelligent responses depend on three elements:
1) Incident Response Planning
2) Business Continuity Planning
3) Crisis Communication Planning
There are numerous articles and memos deal with the topic of incident response, business continuity, and crisis communication plans. Many have been distributed through media outlets even. So you may be asking: why us, why now, and what more could we possibly offer in this space?
We think the answer is pretty simple: sometimes you can’t get enough of a good thing. Similarly, there are fundamental topics that people still are having problems with. One subject area that evidently needs work is responding confidently to a cyber attack in an intelligent and public manner. There are a great deal of texts and certifications out there on these issues (some better than others of course), but if we could, we’d like to give you some “basic street talk†on these issues. Essentially, we want to present to you the issues in a way that you could discuss while having a coffee or drink.
We won’t name names, but there are real-life examples of “good†responses. You intuitively know a good response. You feel a level of confidence that the company has the facts, knows the circumstances of what has happened, and is going “full steam ahead†to clean up whatever the mess is. Despite the situation being bad, you know that whoever is steering the ship has things “under control.â€
And then there are the “other†responses. You intuitively know a bad response also. It™’s the one with the bad smell, the train wreck you can’t watch but still want to, and the one where you throw up your arms and say to yourself “are you kidding me?! Did you really do that [or say that publicly?!â€} In cases like this, you’ll normally see a swarm of regulators, stakeholders, investors, and the public directing a lot of “suspicion†to the organization and its executives.
Like we said, not naming names, but we want to give you some quick thought as to what we feel works and what does not work when you have a cyber train wreck at your fingertips. Here goes:
Incident Response Planning
There are plenty of things that often come up concerning the importance of incident response (or “IR”) planning. First, the importance of having a plan cannot be understated. The worst time to figure out what to do or say if there is in the middle of a cyberattack. For instance, Internet access might get disrupted, files might get encrypted, executives might get fired or suddenly retire, or revelations might occur indicating a major loss of customer information or financial data. All of these issues might indicate a range of problems from either a “manageable” to a “catastrophic” problem depending upon what happened. Problems get further compounded if the company is publicly traded, or is regulated by a federal or state agency (such as the SEC or the NY DFS) where the timeliness and accuracy of disclosures matter greatly, along with the reputation of the company or firm being attacked.
All stuff you know so far. Now comes the moment of not mucking it all up.
1) The IR Plan needs to be practiced often and not left in the desk drawer waiting for the first disaster to strike. Do even the top athletes of the world practice before the big game? Yes. They do. So if the very best need practice for something routine (like playing a game they’ve played their entire life), you can sure as bet you need a lot of practice for something that is hopefully not routine. And practice your IR plan with all people internally, such as the board, executives, IT, HR, and the general counsel™’s office. It™’s not a bad idea to have an outside lawyer and cyber forensic advisor as well because, in a real disaster, you’re probably going to need them too. Failure to practice your IR plan is more or less the number one “YOU LOSE!†issue we see.
2) We recognize you have limited resources and can’t think of every possible disaster, but you need multiple plans and you need plans to test your limits. Practicing touch football will do little for you if you’re preparing for the Super Bowl. So think small and large breaches in various forms, such as DDoS, ransomware, insiders, corporate espionage, and depending on your size, even nation-state attacks. Make sure all of your plans have mechanisms to notify/activate the right people. This includes law enforcement, regulators, stakeholders, and investors. And plans can’t stay static, so keep in mind that plans need to address personnel changes and organizational restructures. No two cyber attacks are alike, so all IR plans cannot be alike either.
Practice hint: if you are multinational, you should have different regional plans and see if and how they would need to interact, particularly if an attack in jurisdiction A can have an effect on jurisdiction B. Different people involved, different laws, different vendors. You need to know all this stuff ahead of time.
3) Who™’s the boss? You need an incident commander. Somebody needs to be in charge (they may be able to hand off if the situation changes) but somebody has to be the boss. Crisis handling by committee usually ends up in a boilover. Identify who needs to be the boss for the scenario at hand and who their support team will be. Sometimes it™’s the CEO taking all the hits. Sometimes is the general counsel leading, with the CEO being the public face. Other times it™’s a technical specialist running the table internally, but helping the PR team craft the external message. Experienced crisis management firms are helpful for disclosures, but if you go this route, make sure they know have experience in cybersecurity issues, because cyber is an animal we still do not know well. Just be sure to have somebody calling the shots.
4) Timing is everything, especially for public companies that are trading daily on information available to investors. We are often told that we should “just get the information out there†and there is a reason for that advice, but be prudent. Trying to outrun a potentially out of control speeding locomotive without some safety precautions could result in…well, use your imagination. With that said though, don’t sit back to watch and enjoy the show because once that train cross state lines, you may have no control at all. We admit this is not an easy task. You have to find that sweet spot between “doesn’t have its act together†or “is potentially hiding something.â€
Business Continuity Plans
Business Continuity Planning (or “BCPâ€) is an essential part of corporate resiliency. We see them activated for issues like natural disasters (like flooding) and even terrorist strikes. But in the face of cyber attacks, they are more important than ever. Effective BCP helps get you back in the game sooner. This is critical because too much downtime could completely destroy your business. Think of it like this: you have the ability to bend while others are breaking. And just like IR and crisis management have evolved, so has BCP. Therefore, lead with skepticism if your BCP is being conducted by somebody who has little understanding of cybersecurity issues.
Good BCP relies on proper investigation and remediation of attacks. Forensic cyber experts and lawyers are well versed in these issues. And BCP relies on IT experts who create proper, segmented, offline backup media (daily!…and is regularly tested to ensure it will actually work in a time of crisis) so that the endpoints and network assets can be restored quickly and easily. Reminder: #BackItUp!
Here is a thought for your scenario testing and planning: take your busiest day or time period, say Black Friday or the two weeks before Christmas and imagine losing your services to whatever scenario (ransomware, DDoS, etc.). Just play out your nightmare scenario and see how you’d deal with it. PS – we just took out your first line of third-party suppliers/vendors/experts because of supply chain integration. They’re down now too. What do you do now? PPS – Sorry, but don’t say we didn’t warn you!
Just like with IR, review, update, and test BCP regularly. Businesses are dynamic. We have accepted that into our corporate culture. But we have not necessarily adopted the same feeling in terms of continuous improvement for IR or BCP. These are those things where we don’t see return-on-investment until they’re actually needed. Just remember things can always be improved and in this modern interconnected world, effective BCP must deal with the variety and complexity of vendor dependency. Long gone are the days where you could do everything “in-house†unfortunately, so you need to regularly review and update vendor roles and responsibilities.
Crisis Communications Planning
The worst time to exchange business cards is in the middle of a crisis. Over-thinks cause delays. Analysis paralysis can turn a press release into a bunch of gobbledygook. And seriously, do you really want to be doing this for the “first time†during a crisis?
You see, crisis communications are there to manage the intangible, the things that rely on confidence, such as reputation and market capitalization. You may, in fact, have your act together but if the message coming out of your organization seems like utter chaos, the public will make up their mind on that information, not what is actually going on. If you accept for a moment that emotions and images are more powerful in impacting our decision-making over rationality and words, then you see our point of view crystal clear. So toss out the window you are in control of this situation (in terms of how the public views you) and do your best to manage what you have to deal with. Here are a few pointers to help with the management.
1) A pre-meet with the FBI and Secret Service is not a bad thing. In fact, we strongly believe in doing so. Why? Go back to our “worst time to exchange business cards is in the middle of a crisis†comment. Meeting beforehand gives all parties a chance to meet without someone™’s hair being on fire (and incredibly reduces the possibility of an errant punch to the face when frustrations boil over). During the pre-meet, you can discuss systems and IT networks. You can also discuss expectations and levels of support. It makes a difference. And of course, you do that good ole fashioned thing called “building a relationship†with persons and institutions. There are instances where a pre-meet, coupled with time and accurate disclosure, have discouraged lawsuits. This is a very good thing. So remember, a friend in need is a friend indeed. And if you got a nation-state or transnational crime syndicate smashing through your network (or being the stealthiest little bugger you have ever encountered), having friends of this kind are good to have.
2) Pre-draft your disclosures for different scenarios. Much like planning for different attacks, having these different templates in your back pocket saves you valuable time. Consider that most significant breaches will require disclosures to regulators, shareholders, investors, employees, and others. The European Union™’s GDRP has given consumers a mighty hammer and if you’re not ready for the GDPR, you may be facing a world of hurt on that (keep an eye out for the #CyberAvengers playbook coming out soon which talks more about the GDPR). And some of you may giggle at this, but have some disclosures ready to go with 140 characters. In case you haven’t noticed, Twitter, social media, and bloggers sort of play a big role these days. It™’s your way of speaking directly to the people without an intermediary filtering your message.
3) Use people who have experience. This point is the pièce de résistance. As we mentioned above a few times, it is important for all companies to project an air of confidence in the middle of a breach. Confidence goes a long way. It shows the company has its act together. It shows that it understands and appreciates its different constituents. It can move markets. Somebody who understands all these moving parts are a system – not a bunch of individual goals – can turn a crisis into a success within 72 hours. But don’t be fooled, these skills are not acquired overnight. A good way to identify somebody experienced is if they (FIGURATIVELY!!!) have been battered, bruised, full of battle scars, but are still going on with a smile on their face, plugging away.
On a final note, with the advent and increasing prevalence of firm state, federal and international breach disclosure timing standards, time has become even more precious. Having ready-to-go-IR, tested BCP, and executable crisis communication plans not only save you time, but could save you from the enormous tangible issues, like fines and penalties, and spare you the intangible carnage, like stock price drops and reputational damage.
Don’t lose in minutes what has taken you years to build just because you think it is okay to cut a few corners or believe “this won’t happen to me.†As the old vaudeville joke goes: “How do you get to Carnegie Hall? Practice, practice, practice.â€
- Brand
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- Here We Come
- Corporate Revolt Over Campaign Donations Shakes Political World
- What Happens Next?
- CSR & Sustainability
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Over the River and Through The Woods
- Why Non-Profits are so Vulnerable to Crisis Risk
- The Threat to Free Markets
- What Happens When Nonprofits Get Caught In The Klieg Lights?
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Communications
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- Here We Come
- The Ministry of Common Sense
- Why Should I Apologize? Lawyers vs. Communicators
- What Happens Next?
- CSR & Sustainability
- A Conversation with Abbe Lowell
- A New Year’s Resolution
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Leveraging Legal Expertise in Communications
- Over the River and Through The Woods
- Company News
- Here We Come
- Recent Awards & Recognition
- Won’t You Be My Neighbor?
- What’s a Director to Do?
- LEVICK Announces Partnership with BCG
- A New Look
- Albert Krieger, 1923-2020
- LEVICK Announces Partnership with Jipyong
- Speaking to In-House Counsel
- Childhood Lessons
- LEVICK Announces New Webinar Series with Turbine Labs
- LEVICK Launches New Website
- Crisis
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- The Cost of Government Regulation and the Threat to Free Enterprise
- What Happens Next?
- A Conversation with Abbe Lowell
- Covid-19: The Pandemic that Never Should Have Happened
- Finance
- Here We Come
- The Threat to Free Markets
- Advisory & Insurance Services
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- Consumer-Focused Solutions for Financial Health
- Event: Consumer-Focused Solutions for Financial Health
- Sports: Power and Money in a New Age of Social Justice
- The Balancing Act: The Role of Whistleblowers in American Commerce and Government
- The Evolving and More Powerful FARA
- FCPA & Compliance in a Time of Uncertainty
- Shareholders vs. Stakeholders: Is the Paradigm Shifting?
- Guest Column
- Guest Blog: The Mainstream Media Gets an A for Intellectual Arrogance, an F for Journalism
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- South Africa: The Slow Decline of the ANC
- Why CSR Fails and How to Fix It
- What to Expect Following the European Elections?
- Buhari Inaugurated. What Now for Nigeria?
- Marketing- It’s Up To You…
- Crisis Management lessons from the air-crash investigation model
- The Future of War
- Health
- Food Issues & the Biden Administration
- Covid-19: The Pandemic that Never Should Have Happened
- Pharma’s Post-Pandemic Policy Outlook
- Keeping Hope Alive
- Real Herd Immunity
- The Fiction of College Sports Amateurism
- Mac Summit: Crisis Communications in a Post-Covid, Post-Election World
- Travel Industry Communications in the Age of Covid-19
- Track of Time
- Is C-19 Taking Women Lawyers’ Careers Back to the 1950s?
- Post-Pandemic PR Strategy
- Bankruptcy: A Culture of Transparency
- In Memoriam
- Snider’s Super Foods: Locally World Famous
- Speak Truth With Love, Not Anger
- In Memoriam: Stephen Susman
- Letter to the Movement
- John Lewis’ Life Bridged the Best of America
- Albert Krieger, 1923-2020
- In Memoriam of Marcia Horowitz
- Jim Lehrer Passes Away
- Martin Luther King, Jr.
- Harold Burson Passes Away
- Interviews
- CommPRO: Ruth Bader Ginsberg’s Life & Legacy
- Richard Levick on “My Wakeup Call”
- Primerus Webinar: Into the Wind
- The Future of Baseball Post-Pandemic
- Webinar: The End of Brand Neutrality
- Thought Leadership & Organic Growth
- Man & Superman
- LEVICK Announces New Webinar Series with Turbine Labs
- Navigating Coronavirus Challenges in the Insurance Industry
- VIDEO: How to Anticipate & Avoid a Crisis
- What’s Next? with Julie Chase
- What’s Next?: California Electoral Behavior
- Law Firms
- Why Should I Apologize? Lawyers vs. Communicators
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- A First Look at the Google Antitrust Suit
- The Latest Top Class Actions
- Trust on Trial: How Communicators Succeed in a World No Longer Trusted
- The Latest Settlements, Class actions, Investigations & More
- Managing Legal & Communication Advice in a Crisis
- Litigation
- Why Should I Apologize? Lawyers vs. Communicators
- A Conversation with Abbe Lowell
- Leveraging Legal Expertise in Communications
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- A First Look at the Google Antitrust Suit
- Our Work
- Recent Awards & Recognition
- The Cyber Bad Guys Are Getting Worse
- Crisis Communications & The Age of Cancel Culture
- Standing on the Shoulders of Giants
- Video: Conversations with American Legends
- Staying Ahead of the Crisis
- A New Era of Insurance Marketing
- Infographic: Judgment Free Zone
- Infographic: Barriers to Entry
- Infographic: History Meter
- Assistance for Law Firms Engaged in Pro Bono
- Webinar: The End of Brand Neutrality
- Public Affairs
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- Food Issues & the Biden Administration
- The Cost of Government Regulation and the Threat to Free Enterprise
- What Happens Next?
- CSR & Sustainability
- A Conversation with Abbe Lowell
- Risk
- Ingredients of Decency
- ESG Performance and Credit Markets
- The Coronavirus Saga is Just Beginning
- No. 1 Risk of the Decade
- The Risk Evolution of Corporate Risk
- Extend Risk Management Reach
- Collective Action
- Risk Identifying Software
- The New Risk of Doing Nothing
- Political Unrest In Hong Kong
- High-Profile Kidnaps in African National Parks
- Cyber Resilience
- Social
- The Ministry of Common Sense
- How to Stop the Madness
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- CSR & Sustainability
- A New Year’s Resolution
- Dropping the Mic
- Won’t You Be My Neighbor?
- Crisis, Covid, DEI & the Election
- MLK’s Memphis Address
- Technology
- Constella Intelligence Announces Hunter for Improved Investigation Capability
- Cyber Risk Institute Expands Its Profile
- Digital Politics: The Future of Voting Technology
- Ethics in Electronics
- The Cyber Bad Guys Are Getting Worse
- A First Look at the Google Antitrust Suit
- The Pause
- Cybersecurity Incidents of the Summer
- The Changing Digital Economy and Cyber Risks
- The Future of U.S. Manufacturing
- Tech CEO Summer Superbowl hearing
- Technology & Privacy Alert
- This Week
- A Remembrance of Tommy Raskin
- A New Year’s Resolution
- Over the River and Through The Woods
- Dropping the Mic
- Won’t You Be My Neighbor?
- The Cyber Bad Guys Are Getting Worse
- What We Hear
- Track of Time
- Video: Conversations with American Legends
- Conversations with American Legends
- A New Era of Insurance Marketing
- American Legend