Sean Hoar Quoted By Fast Company In Article On Responding To Ransomware Attacks

Portland, Oregon (March 31, 2020) – Portland Partner Sean B. Hoar was quoted in an article titled “When Hackers Kidnap Their Data, Companies Are Increasingly Using ‘Breach Coaches’ And Negotiators,” which discusses the trend toward hiring attorneys to coordinate multi-faceted responses to cyberattacks. That is, once a business notifies its cyber insurance company of a ransomware attack, the insurer typically connects the business with a law firm that will lead the response.

Retaining a law firm to lead the response to a ransomware attack yields significant advantages for businesses. First, attorneys provide the necessary legal guidance, which includes advising clients on their duty to disclose the attack to customers and regulators. Because conversations between attorneys and their clients are protected by law, they are free to speak candidly about the cyberattack. Mr. Hoar, who serves as the chair of Lewis Brisbois’ Data Privacy and Cybersecurity Practice, explained, “Right off the bat, the communication with the client is covered by the attorney-client privilege and the work product doctrine.” 

In addition to advising on legal matters arising from a ransomware attack, attorneys are also in a position to coordinate with the various entities involved in launching a response. For example, they may coordinate with computer forensic experts, companies that notify customers about the breach, and IT firms that provide staffing to remedy technical issues. According to Mr. Hoar, Lewis Brisbois regularly receives calls from insurers and end clients who seek assistance with coordinating responses to ransomware and other digital attacks. “People call us breach coaches,” Mr. Hoar said. “I prefer to use the term outside counsel,” he added.

A complex issue that often emerges following an attack is determining whether a business should negotiate with the hackers and potentially pay a ransom. Again, attorneys are adept at analyzing this issue and working with negotiation experts as necessary. Mr. Hoar explained that Lewis Brisbois requires that any ransomware negotiation expert with whom it works must conduct sufficient due diligence to establish that a payout would not violate anti-money laundering laws and related regulations. He described that once negotiations begin, appealing to the attacker’s altruism, by mentioning good work done by a nonprofit client or the like, may help. “I may find where I’ve got an opportunity to insert that kind of information in case it gains my clients anything.”

After thwarting the immediate threat to a business, the individual or firm leading the response will work with the business to improve its cybersecurity. To ensure that the business does not fall victim to a future cyberattack, experts typically recommend strengthening the protections within the company’s digital networks and improving its cybersecurity policies.

You can read the full article on

Related Attorneys

Find an Attorney

Each of the firm's offices include partners, associates and a professional staff dedicated to meeting the challenge of providing the firm's clients with extraordinary service.