Losing data from a breach is costly for organisations, and a primary portion of these costs is cybersecurity litigation. Whether it’s a class action lawsuit or litigation from residual effects after users lose their data to identity thieves, litigation is expensive and can last for years after the initial breach. Cybersecurity litigation usually follows a severe data breach when victims of identity theft or future financial loss are your organisation's customers who seek compensation for the event.

What Is Litigation?

Most people think that litigation means going to court and fighting lawsuits before a judge. Many disputes are settled outside of the courtroom before a judge determines the outcome. Usually, settlements outside of court are the best option for both the plaintiff(s) and defendant(s), but some lawsuits require in-court appearances before they can be settled.

When a plaintiff files a dispute, several actions are tried before going into a courtroom to avoid the cost of litigation. Every step in the process is a part of litigation and can take several years to settle. For example, Target suffered from a data breach in 2013, after which several lawsuits were filed. It wasn’t until 2017 that Target settled its lawsuits for $39.5 million combined.

Legal experts follow the same process regardless of whether the lawsuit is large or small. The following steps are a part of general litigation, not just cybersecurity litigation.

Investigations and Demands

A lawsuit starts when a client brings a dispute or claims before their attorney, which can be anything from unpaid rent to business partner disagreements. The attorney (or team of attorneys) decides if the dispute would be monetarily successful and a potential win. Although the adage that “you can sue for anything” might be true, an attorney often avoids frivolous litigation.

Once the attorney decides to take the case, the next step is investigation. The attorney and researchers comb through the facts and collect as many details as possible. The investigation step involves researching the defendant, compiling proof of the plaintiff’s claims, and documenting everything that could be used in court. This step is crucial in the lawsuit's success, whether it continues into the courtroom, or the dispute is settled out of court.

Demand Letters and Pre-Trial Negotiation

An attorney writes a letter of demand outlining their client’s claims and requests. The investigation step informs how the letter is written and structured. An attorney must present all information to the offending party to bring the claims to their own attorney. A demand letter aims to convince the offending party that the plaintiff has a legitimate claim to compensation for lawful wrongdoing. A good demand letter convinces the recipient that the plaintiff would win if a lawsuit based on the claim eventually goes in front of a judge.

Demands for compensation are usually much higher than the attorney expects to receive, but the defense’s attorney will respond with an offer. Typically, the offer is lower than what the defendant is willing to pay. A series of offers and counteroffers usually follow after the initial demand and response. In some cases, both parties come to a compromise, and the dispute ends there.

Litigation is expensive, so it behooves both parties to reach an agreement at this step. It can take several months before both parties settle, but it often benefits both parties to agree to a settlement. In fact, attorneys try to avoid litigation if they can convince the other party to compromise and take a settlement.

Out of Court Options

In some contracts, parties agree to use alternative, less expensive ways to handle a dispute. These methods are preferred over a full courtroom appearance with litigation to avoid hefty legal fees and years of courtroom costs that could drain both parties of money and time.

  • Facilitation: Using facilitation is the most cost-effective option for both parties and requires the least amount of formalities. An unbiased legal expert oversees the dispute and helps the parties reach an agreement. Typically, an unbiased attorney oversees facilitation arguments and determines the value of damages.
  • Mediation: Mediation is also less informal and is often the first step before arbitration or a full-blown lawsuit. The claimant sets the payment request, and the offending party is given a chance to respond with a counteroffer. At the end of the mediation proceedings, an agreed amount is set, and payment is made to the plaintiff. If no amount is agreed upon in mediation, the dispute moves to more costly options.
  • Arbitration: The priciest and most formal option is arbitration. In an arbitration proceeding, a retired judge or impartial attorney sits before both parties and hears arguments. No compromise is necessary, and the arbiter proceeds similarly to a standard court case but with much fewer resources and lower costs. Once arguments are heard, the arbitrator makes a decision that both parties must follow. The plaintiff might win all requested money, some of it, or none of it.

Courtroom Proceedings

If any of the previous options result in a settlement, the parties never see a courtroom. Bringing a lawsuit to court is expensive, so it’s the final option after all others have expired. Lawsuits that reach a courtroom can take years to finalize, so most attorneys try to get their clients to settle before this step.

Before going to court, attorneys engage in the discovery phase, which is a pre-trial investigation into claims to gather facts to present in front of a judge. An effective discovery phase is necessary to win a case, so an attorney might outsource some of the investigation to a third party.

After the discovery phase, attorneys file pre-trial motions that present facts to be argued before the judge. In some cases, the defense attorney may convince the judge to dismiss the case, but this happens rarely and only when the attorney has an airtight case.

If a jury is involved, attorneys select potential jurors to be the fact-finders, whereas the judge ensures that attorneys present facts in a way that follows trial regulations. During the trial, both parties argue their case in front of the judge. Trials can last for months or years, depending on where the case is heard and the court’s schedule. After a lengthy trial, a decision is made, and both parties must agree to follow through with the judge’s orders. Appeals can be made to higher courts if either party determines that mistakes were made or are unhappy with the outcome.

After trial, attorneys ensure money transfers are complete, and the attorney takes their cut of the settlement. A payment schedule might be created should the losing party need to release the money over time rather than in one lump sum.

What Is Cybersecurity Litigation?

Each area of the law targets a specific issue, and attorneys specialising in cyber-crimes usually deal with litigation involving cybersecurity incidents. Attackers can be insider threats or cyber-criminals outside the organisation. Numerous threats could bring organisations to a critical point in business continuity where any mistake could be costly. When an attack damages an organisation's brand or revenue, cybersecurity litigation can help recover some or all of the costs.

Cybersecurity litigation is carried out in much the same way as standard litigation explained above. The only difference is that it focuses primarily on crimes involving systems, the internet, and data. It requires experts to investigate attacks and their origination. Forensics are also necessary in many cybersecurity cases to determine the extent of the damage and if the network is still vulnerable to attacks, such as advanced persistent threats or those with undetected backdoors.

Why Is It Needed?

The consequences of a successful cyber-attack can be numerous. Organisations that suffer from large data breaches deal with brand damage, revenue loss, compliance violation costs, attorney fees, investigations, law enforcement issues, and other irreparable damage that harms business continuity.

State-sponsored attacks and those from corporate espionage can be just as expensive. For example, an employee violating a non-compete that discloses trade secrets to a competitor could permanently damage future earnings and business growth. State-sponsored hackers interfering with the performance and uptime of critical systems could cost millions in lost revenue. Cybersecurity litigation may be necessary to recover losses from these issues and many more.

After an incident response, forensics, and investigations into the attack, most companies work with experts to determine what can be improved to avoid repeat victimisation. Strategies into “lessons learned” are also costly because it often requires additional infrastructure and measures to remediate a common issue that the organisation was unaware of previously.

According to Verizon, the average cost of a data breach is $4.24 million. Although this is an average, many organisations pay millions more to settle consumer lawsuits and launch reputation management campaigns to win back public trust. Organisations need a way to recover from these expenses. Cybersecurity litigation helps organisations recover expenses from offending parties and potentially their brand reputation.

Cybersecurity litigation should not be a replacement for cyber insurance. Insurance helps alleviate much of the costs involved with cybersecurity incidents and lost revenue, but cybersecurity litigation serves the specific purpose of recovering costs should the law enforcement identify the cyber-criminal or when a third party is egregiously negligent, causing severe financial loss.

Litigation Readiness & How Proofpoint Can Help

For most organisations, avoiding a cybersecurity lawsuit is a key element in business continuity. Proofpoint can help with case management to avoid the litigation nightmare. We offer litigation readiness, so your files, data, and audit trails are ready for investigation and forensics.

E-discovery is also a component in cybersecurity litigation, and Proofpoint’s case management strategies make this process far more convenient with less overhead for all parties involved. We transform data storage strategies into compliant collections of audited data for identification, preservation, review, and analysis during litigation proceedings.

If you’d like to learn more, Proofpoint hosts an on-demand webinar to help decipher negligent, non-compliant, and malicious users within your organisation.

The Anatomy of an Insider Threat Investigation

Join us for a 30-minute webinar as we demonstrate how to uncover insights and identify compliance risks within your digital communications stack.

Incorporate Digital Forensics Into Internal Threat Investigations

To mitigate the potential risks that insider threats pose to your business, it’s key to know what your digital forensics capabilities look like.