Incident Response Process

Cyber risk claims at law firms are considerably more complex than claims for retailers, Financial Institutions or healthcare entities because cyber risk claims at law firms often involve confidential information or information subject to attorney client privilege. Therefore, we designed our SafeLaw incident response network and process for the unique needs of law firms.

Initial Point of Contact

O’Hagan Meyer handles the incident reporting telephone hotline (and email). O’Hagan Meyer’s primary specialty is in working with professional liability insurers. They are also the founder of the Professional Liability Attorney Network (“PLAN”) and have over 10 years of experience in working with cyber risk policies and claims. The first call from the client goes to Kevin O’Hagan, Matt Lanskey or Jamie Davidson.

Many cyber risk insurers have a technology/security firm managing the incident reporting hotline instead of a law firm. We use a law firm be the first point of contact to establish attorney client privilege with the client. The types of incidents involving law firms are typically sensitive and our first clients demanded an option to report under privilege, so we designed our incident response and claims handling around the concept of attorney client privilege.

Aside from establishing privilege, O’Hagan Meyer is responsible for:

  1. the initial intake of the incident and coordination overall response with the insurer;
  2. providing the policyholder with triage advise and communicating a litigation hold to preserve evidence as needed;
  3. working with the client to deploy breach response service vendors (also under privilege); and
  4. coordinating specialist involvement when it is needed.

After your initial call with O’Hagan Meyer, your response path will be determined. Below we have detailed the path which would be taken in different use cases. Choose one below to follow the process.


Privacy Breach Process
DDOS Process
DDOS Process
Ransomware Process
IP Process