Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as primarily a technical issue, to be handled by a company’s IT department.  But times are changing—at least somewhat.  The rise of robust regulatory frameworks related to data privacy and cybersecurity have led to increased compliance risk and potential liability.  As a result, lawyers are increasingly required to provide both legal and strategic advice on a range of cybersecurity-related issues, and to work cooperatively with departments throughout their companies to manage the legal, financial, operational, and reputational challenges associated with cybersecurity.

The article seeks to provide a practical overview of the evolving role of in-house counsel of financial institutions in managing cyber risk and achieving cybersecurity compliance.  It identifies and discusses four areas in which counsel can be expected to play a key role: (1) cybersecurity governance and regulatory compliance; (2) incident response; (3) managing vendor risk; and (4) mergers and acquisitions transactions.  For U.S. corporations—particularly those in the financial services industry—cybersecurity risks pose existential threats.  This article aims to address some of the challenges faced by in-house counsel working to protect and defend their corporations, each day, from these risks.