
Cyber Risk Management


Spencer Fane Data Privacy and Cybersecurity attorneys help businesses manage risk associated with their data, systems, and those of third parties. We guide business leaders through each important phase of the cyber and data risk analysis and management process, establishing a thorough and recurring review cycle to keep policies and procedures up to date and focused on protecting against breaches and other threats to systems, data, and customer information.

Our attorneys firmly grasp the complex regulations and consistently monitor evolving high-tech issues surrounding cybersecurity. Our practical, client-focused approach aims to help ease business leaders’ fears and give them confidence their systems and data will remain secure, especially as risk associated with vendor relationships increases.

We focus on the long-term health of a business. This means learning the ins and outs of a company and understanding the type of work performed, the customers or consumers, and the data collected in the process of doing business. Our attorneys then identify potential cyber risks and develop a strategic, customized plan to minimize that risk. To best protect businesses, this involves building out phased plans that allow companies to quickly address the most critical immediate risks while also safeguarding against future and ongoing threats.

Spencer Fane can build relationships with third-party vendors for deep assessments of systems, assist in the purchase of comprehensive cyber insurance, and establish phases for implementing the full plan. We also test incident response plans through tabletop exercises, then reassess and reformulate the plan at regular intervals.

Representative Experience 

  • Coordinated security risk assessments for organizations handling personally identifiable information or protected health information, including engagement of security consultants for HIPAA assessments, PCI-DSS audits, and red team assessments.
  • Developed a vendor management program for a large healthcare organization including implementation of a vendor risk assessment process, standard business associate and non-business associate vendor agreements, and training for contracting staff regarding effective implementation.
  • Drafted privacy and security policies and procedures for regulated financial institutions to comply with the Gramm-Leach-Bliley Act.