Cybersecurity and Data Breach

We help clients develop best practices for cybersecurity and compliance in avoiding and addressing risk.


With data breaches and other data privacy incidents on the rise, the cybersecurity regulatory landscape is evolving at a rapid pace. Shumaker attorneys stay up-to-date on the latest changes in these laws and regulations (which often vary by industry) to ensure that clients stay in compliance and protected against data breaches. Drawing on decades of specialized experience, we analyze clients’ current cybersecurity programs to identify any gaps and devise compliance strategies that minimize risk and interruptions to their business. We assist clients with privacy policies, data processing addendums (DPAs), and other related cybersecurity agreements. In addition, we help clients negotiate service agreements with third parties that may hold or process their data.


Cyber insurance is an integral component of a business’ risk mitigation program and can encompass a number of policies, including network data security, commercial general liability, errors and omissions, crime/fidelity, and media liability. Shumaker’s Insurance Recovery attorneys work closely with clients before and after a cyberattack to assess the strength of coverage and identify potential areas of liability.

Our team conducts pre-incident reviews of cyber insurance policies to discuss the extent of coverage, helping to identify any potential gaps and renegotiate policies if necessary. In the event of a data breach or other cyberattack, we review and assess the amount of coverage available and work with the broker during the claims process to maximize recovery of losses sustained from the incident.

Data Breach

When protected data is compromised through a breach or other similar incident, a timely, strategic response is critical to mitigating any potential damages. Shumaker’s Data Breach team has the experience and acumen necessary to coordinate such responses. We guide clients through the notification process, ensuring that they comply with all legal reporting requirements and disclosure obligations. Conducting a thorough overview of the client’s cybersecurity policies which were in place at the time of the incident, we lead investigations into issues that may have led to the breach and help strengthen these policies in order to prevent future data breaches.

Our Clients

  • Broker-dealers
  • Corporate officers and directors
  • Health care facilities
  • Investment banks
  • Investors
  • Media companies
  • Professional services firms
  • Public sector and government entities
  • Registered representatives
  • Retailers
  • Securities firms
  • Technology companies

Our Services

  • Due diligence and assessment of reasonable measures required to protect and secure personal information
  • Identifying and containing potential breaches
  • Drafting of and compliance reviews for cybersecurity programs, policies and service agreements
  • Legal risk assessment and strategic risk mitigation advice
  • Pre-incident cyber insurance policy review
  • Post-incident cyber insurance policy review and recovery actions
  • Counsel on breach response plans, including coordinating any required notifications