Welcome To Cybersecurity for In-House Lawyers

Updated January 18, 2024
9 min read
Welcome To Cybersecurity for In-House Lawyers

Not long ago, cybersecurity was primarily a technically oriented field, almost exclusively handled by IT professionals and characterized by code, malware control, restricted access to systems, and network protocols. However, as the internet has infiltrated every aspect of modern life, cybersecurity's umbrella has widened, encompassing everyone — including in-house legal counsel.

As business operations pivot online, cybersecurity becomes a key player, forcing lawyers to grapple with numerous issues to protect their clients and themselves. This article aims to illuminate the multifaceted world of cybersecurity, familiarizing in-house lawyers with critical technical aspects, potential threats, and existing legal frameworks designed to confront a potentially dangerous digital landscape.

Understanding Cybersecurity

Cybersecurity involves defending computers and data from unauthorized access or illicit usage. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has defined, cybersecurity functions to safeguard data confidentiality, integrity, and availability (CIA) and prevent unauthorized control, misuse, and harm to computer systems.

The National Institute of Standards & Technology (NIST) developed a cybersecurity framework widely used by the U.S. government and other entities. This structure lays out cybersecurity into five core functions:

  1. Identify: Recognize the risks to systems, people, assets, data, and capabilities.

  2. Protect: Implement protective measures to ensure the timely delivery of critical services.

  3. Detect: Identify cybersecurity incidents promptly.

  4. Respond: Take immediate action against detected cybersecurity events.

  5. Recover: Maintain resilience plans and restore services or abilities impaired due to a cybersecurity incident.

This framework helps conceptualize cybersecurity, underlining an essential truth: while compliance is beneficial, it shouldn't be mistaken for security. The latter digs deeper, regularly evaluating potential threats and vulnerabilities while integrating preventative strategies. It's a responsive process that evolves daily to stay ahead of potential threat actors.

Understanding Threats and Risks

Cyber "threat actors" can include various perpetrator profiles, comprising skilled criminals, criminal groups, nation-states, activists, and even bored individuals initiating mischievous acts with computers. These threat actors may attack companies to steal valuable data, disrupt operations, exhibit their capabilities, or make a political statement.

Threat actors' actions may be targeted or widespread, seeking vulnerable victims online. Such actors employ various tools — from available tools, bespoke tools, or even hacking services — to initiate attacks. Tools are continuously upgraded, particularly as security tools advance.

Threat actors must follow specific steps, delineated in the "Cyber Kill Chain," to execute a cyber attack. They employ particular Tactics, Techniques, and Procedures (TTPs), categorized and understood using the MITRE ATT&CK framework. TTPs vary widely in complexity, and understanding previous attacks can provide valuable insights.

Threat actors often conduct low-tech surveys as a part of their attack strategy, aiming to understand their target and its vulnerabilities. To secure systems against such threats, defenders continuously strive to identify and address system vulnerabilities, reporting as necessary to shared utilities such as the Common Vulnerabilities and Exposures (CVE) Program run by MITRE.

Managing Risks and Threats

At its heart, cybersecurity is a risk-management field providing four central strategies: avoidance, transference, mitigation, and acceptance. Each strategy operates uniquely: 

  • Avoidance focuses on circumventing risk altogether.

  • Transference usually offloads part or all of the risk through insurance.

  • Mitigation entails steps taken to lessen the harmful effects of a risk.

  • Acceptance is recognizing the danger and preparing recovery measures for potential impacts. 

Underpinning these strategies, cyber professionals utilize passive and active measures to reduce cyber incident risk and safeguard computing systems.

Defensive structures like antivirus tools or multi-factor authentication are considered passive measures designed to add layers of protection against potential threats. On the other hand, active defense measures, like continuous system monitoring or threat hunting, permit rapid detection and response to cyber incidents requiring human or automated intervention, leading to a resilient cybersecurity stature.

Cybersecurity and Law

The complex sphere of cybersecurity necessitates the involvement of legal professionals to navigate various technological and regulatory demands and understand the nuanced implications of evolving laws. This need arises because cybersecurity's legal facets go beyond just technicalities. They extend into areas of ethics, privacy, and legislative compliance that require a deep understanding and interpretation of the law.

Traditional legal support encompasses advising, contract interpretation, law and regulation interpretations, drafting policies, and investigating breaches and policy violations. These tasks cater to the organization’s regulatory adherence and build a culture of legal and ethical cyber practices.

Furthermore, lawyers can play a crucial role in establishing and operating a governance structure for cybersecurity, handling third-party risks, and managing cybersecurity incidents. Their involvement provides a legal lens to cybersecurity, which can streamline procedures, ensure compliance, and reduce potential legal ramifications in the face of an incident.


While cybersecurity can seem intimidating, with its complex jargon, rapid advancements, and highly technical nature, it's crucial to remember that lawyers bring indispensable skills. Identifying core issues, breaking down complex problems, weeding out irrelevant information, using probing questions to extract essential information, and communicating are all tools in a cybersecurity attorney's arsenal.

However, it takes more than just understanding the landscape; it implies finding a cybersecurity lawyer well-versed in the field's intricacies and rapidly evolving nuances. With practiced knowledge and sensitivity to the many nuances of cybersecurity, such lawyers are set to maintain an invaluable role in guiding organizations through the maze of cyber threats, regulations, and potential legal issues. Thus, to successfully navigate this ever-evolving field, find a cybersecurity lawyer who can expertly link the world of law and technology.

Article by
Michael Habash

Michael Habash is a technology program executive and attorney. He has over a decade of experience implementing and managing technology solutions, corporate policy, and risk management for large corporations and organizations. He stays active in the legal community helping law firms evaluate and implement legal technology and as a volunteer attorney.