Womble Perspectives
Welcome to Womble Perspectives, where we explore a wide range of topics from the latest legal updates to industry trends to the business of law. Our team of lawyers, professionals and occasional outside guests will take you through the most pressing issues facing businesses today and provide practical and actionable advice to help you navigate the ever-changing legal landscape. With a focus on innovation, collaboration and client service, we are committed to delivering exceptional value to our clients and to the communities we serve.
From Hack to Courtroom: Cybersecurity on Trial
Data breaches are no longer just cybersecurity incidents; they’re litigation events. This episode explores how cyber incidents can quickly turn into class actions, regulatory‑driven discovery, and complex disputes over standing, causation, and damages. As cyber risk becomes enterprise‑wide legal risk, litigation readiness is no longer optional. An integrated digital solutions approach can help organizations prepare for cyber incidents with an eye toward what matters most.
Welcome to Womble Perspectives, where we explore a wide range of topics, from the latest legal updates to industry trends to the business of law. Our team of lawyers, professionals and occasional outside guests will take you through the most pressing issues facing businesses today and provide practical and actionable advice to help you navigate the ever-changing legal landscape.
With a focus on innovation, collaboration and client service, we are committed to delivering exceptional value to our clients and to the communities we serve. And now our latest episode.
Host 1:
At our recent virtual Algorithm Economy Summit, WBD Partners Tyler Bridegan and Scott Hyman joined Blackbaud Chief Legal Officer Jon Olson for a business-focused conversation on how companies can best manage litigation arising from data breaches and other cybersecurity incidents.
Today’s episode covers the high points of their conversation, and you’ll find an article based on the panel discussion linked in the show notes. Now, on to the episode.
Host 2:
Welcome back to Womble Perspectives. Today we’re shifting the conversation about cybersecurity away from compliance checklists and toward something that keeps general counsel up at night: litigation.
Host 1:
Data breaches aren’t just technical failures anymore, and the courtroom is increasingly becoming where the real damage is assessed. The question isn’t just whether you get breached, but how to defend what happens next.
Host 2:
Cyber incidents now trigger a predictable chain reaction: class actions, derivative suits, regulatory investigations feeding discovery, and follow‑on claims. Plaintiffs’ lawyers are sophisticated, fast-moving, and well-funded, and companies that treat cybersecurity as purely an IT issue often find themselves unprepared for the legal scrutiny that follows. Litigation readiness has become just as important as incident response.
Host 1:
One of the biggest shifts we’re seeing is how courts evaluate cyber cases. Judges are no longer shocked that breaches happen. They’re asking different questions—about causation, traceability, damages, and reasonableness.
Host 2:
Right. Courts are beginning to recognize that data breaches are part of modern digital life. Most plaintiffs have had their data exposed multiple times, and that reality changes how standing is analyzed and whether alleged harm can actually be traced back to a single incident.
Host 1:
This is where litigation strategy really starts long before a breach ever happens. How a company prepares, documents decisions, and structures its response can all become evidence down the line.
Host 2:
And defense counsel know that early decisions matter enormously. Statements to customers, regulators, insurers, and the public all become discoverable. In many cases, what the company says in the first days of an incident can matter more than the vulnerability that caused it.
Host 1:
The article’s Blackbaud case study really drives this home. Before the 2020 ransomware incident, Blackbaud had a relatively quiet litigation history. After the breach, it faced regulatory scrutiny and extensive litigation almost overnight.
Host 2:
What’s important is that Blackbaud wasn’t careless. They had conducted tabletop exercises and invested in cybersecurity defenses. But even strong preparation doesn’t prevent lawsuits. Rather, it positions you to defend them.
Host 1:
One thing that stands out is how quickly litigation pressure escalates. Class actions are often filed within days of a breach becoming public. Plaintiffs’ firms reuse templates, theories, and expert narratives across cases.
And those complaints almost always allege the same themes: failure to safeguard data, delayed notification, and misleading statements. Defending against those claims requires consistency between what the company did, what it documented, and what it later argues in court.
Host 2:
This is where coordination among states can actually affect litigation. When multiple states act together, it can streamline investigations—but it also creates a single factual record plaintiffs can mine. That record often becomes the backbone of civil complaints.
Host 1:
Which is why proactive legal strategy matters. Voluntary disclosures, early engagement, and disciplined communication can shape that record. The goal isn’t just regulatory cooperation—it’s litigation positioning as well.
Another major litigation theme is breach notification. Every state has different standards, timelines, and thresholds. Plaintiffs often argue that notice was either late or incomplete, even when companies technically complied with the law.
Host 2:
And courts look closely at those decisions. Even when notification isn’t strictly required, companies sometimes choose to notify anyway to manage litigation risk. That judgment call can later be framed either as transparency or as an admission depending on how it’s handled.
Host 1:
The article also highlights something many companies overlook: where your incident response plan lives. If it’s stored online and attackers access it, that’s a security issue that can become a litigation nightmare.
Host 2:
Absolutely. Plaintiffs will argue that the company failed to safeguard its own response procedures. Best practice now includes offline plans, clearly identified vendors, and documented decision trees, materials that often become exhibits in court.
Host 1:
Let’s talk about preparation through a litigation lens. Mapping your data is now about both security and discovery. Knowing what data you have, where it resides, and how it flows helps control the scope of litigation.
Host 2:
The same goes for access controls, training, and audits. Plaintiffs often argue that poor internal controls equal negligence. Being able to show disciplined, ongoing efforts helps rebut those claims and can limit exposure at the motion‑to‑dismiss or class‑certification stage.
Host 1:
When a breach is discovered, the company’s first moves are legally consequential. Engaging outside counsel early helps preserve privilege and frame the investigation properly. That can shape what ultimately has to be produced.
Host 2:
Early decisions also affect insurance coverage, indemnification, and allocation of fault. Missed steps in the first hours can create coverage disputes on top of the underlying litigation. That’s why incident response and litigation strategy have to be aligned from the start.
Host 1:
As the response unfolds, documentation becomes critical. Courts want to see methodical decision‑making, not panic. A clear record of why choices were made can be a powerful defense tool.
And companies should assume regulators’ questions will reappear in civil discovery. National security implications, ransomware payments, and consumer deception theories all migrate easily from investigations into lawsuits.
Host 2:
After the immediate crisis, companies often underestimate the importance of post‑incident analysis. From a litigation standpoint, this is about showing learning and remediation.
Courts and plaintiffs look closely at whether companies addressed root causes and prevented recurrence. Secondary breaches are especially damaging in litigation. They undermine credibility and fuel arguments for injunctive relief.
Host 1:
One of the most interesting litigation tools discussed in the article is the use of dark‑web evidence. Plaintiffs often claim harm based on alleged misuse of data, but that misuse may predate the breach at issue.
Host 2:
Expert dark‑web analysis can be central to defeating standing and damages. If the same data has circulated multiple times, it weakens traceability. Courts are increasingly receptive to those arguments when they’re supported by credible evidence.
Host 1:
Timing matters here. Engaging experts early helps preserve evidence and build a defensible narrative. Waiting until class certification can be too late.
Host 2:
And that strategy doesn’t just affect one case. It can influence settlement posture, motion practice, and even how future incidents are litigated. Strong early positioning often pays off in the long term.
Host 1:
No company wants to litigate a data breach, but the reality is that most eventually will. Preparation doesn’t eliminate lawsuits, but it can change their trajectory. It can mean the difference between early dismissal and years of expensive discovery.
Host 2:
A well‑prepared company is better equipped to defend its judgment, not just its technology. That’s what courts are really evaluating—whether the company acted reasonably in a complex, fast‑moving situation.
Host 1:
And this is where digital risk becomes a business‑wide legal issue. Cybersecurity touches contracts, disclosures, employment, IP, and litigation strategy all at once.
Host 2:
Which is why siloed approaches don’t work anymore. Companies need integrated legal support that understands how cyber incidents evolve into lawsuits—and how to manage that risk across the enterprise.
Host 1:
That’s exactly where a strong Digital Solutions Team makes the difference. Not just responding after a breach, but helping companies prepare, document, and defend their decisions before litigation begins.
Host 2:
If you’re thinking about cybersecurity only as a technical or regulatory issue, you’re already behind. The real battle often happens in court—and having the right digital solutions team in your corner can define the outcome before the first complaint is even filed.
Thank you for listening to Womble Perspectives. If you want to learn more about the topics discussed in this episode, please visit the show notes, where you can find links to related resources mentioned today. The show notes also have more information about our attorneys who provided today's insights, including ways to reach out to them.
Don't forget to subscribe via your podcast player of choice so that you never miss an episode. Thank you again for listening.