Cyber Incident Response

Overview

In today’s digital landscape, the threat of cyberattacks, including hacking, ransomware, and other forms of intrusion, is more pronounced than ever. At Kim & Chang, we understand the evolving nature of these threats and the risks they pose, which is why we operate a dedicated, multidisciplinary Cyber Incident Response (“CIR”) Practice.

Our CIR Practice provides 24/7 support, delivering comprehensive crisis management solutions to help organizations respond to and recover from cyber incidents. These solutions include not only legal guidance, but also media and customer response strategies, technical analysis and root cause investigation, and consulting for system improvements. If you are experiencing a cyber incident, contact our hotline below for immediate assistance.

Hotline E-mail: CIR_Hotline@kimchang.com/Tel: +82-2-6390-2688

The Cyber Incident Response (“CIR”) Practice of Kim & Chang supports our clients in identifying and addressing risks and vulnerabilities prior to, and overcoming crises following, a cyber incident, such as hacking, ransomware, system and network intrusion, and data breach. Our CIR Practice is comprised of experts with extensive experience in various fields, such as cybersecurity, data privacy, IT/communications, civil/criminal litigation, and government/media relations. In addition, the CIR Practice works closely with our firm’s in-house advisors, who possess extensive experience and expertise on relevant government agencies, thereby providing clients with in-depth insights into the investigation and internal decision-making processes of investigative agencies. Our cybersecurity and IT experts also assist in accurately identifying the facts, while providing effective IT solutions tailored to our clients’ needs.

As a trusted partner to our clients, our CIR Practice has successfully advised clients on how to recover from cyber incidents in a wide range of industries, including the finance, healthcare, IT/communications, distribution, insurance, cryptocurrency/virtual assets, luxury goods, online platform, and national defense and defense technology sectors. Our CIR Practice is committed to helping our clients implement cyber-resiliency, maintain continuation of business, respond effectively to agencies’ investigations, handle inquiries from other stakeholders and the public, and handle civil, administrative and criminal lawsuits.

Why Kim & Chang?

Cyberattacks entail a major corporate governance and management risk that directly affects the viability and reputation of companies. Ransomware causes sudden interruptions in the supply of products or services, and companies lose market trust and market share due to data breaches. Cybersecurity is no longer an issue limited to the responsibilities of a company’s IT and technology departments, but has emerged as a critical risk element requiring company-wide response.

Our firm’s CIR Practice fully understands the changing landscape and provides a “one-stop total service” covering the entire range of cyber incidents. Our CIR Practice is comprised of experts with extensive experience in various fields, such as cybersecurity, data privacy, IT/communications, civil/criminal litigation, and government/media relations.

As our client’s trusted counsel, the CIR Practice has assisted clients across various industries recover from cyber incidents. We have a successful track record of providing assistance in relation to regulatory agency investigations, inquiries and litigations. Our CIR Practice is particularly proud of the strong technical analysis capabilities of our firm’s Digital Forensics Team, as well as the vulnerability identification capabilities of our CIR Tech Team, whose members include white-hat hackers.

Throughout all stages of a recovery-and-response triggered by a cyber incident, including the initial “golden-time” response to the detection of a cyber incident, identification of the threat and vulnerabilities, minimization of damages, business recovery, establishment of measures to prevent recurrence and design resilience, communication with stakeholders, and handling disputes and investigations, our CIR Practice helps clients promptly and effectively deal with the security crisis.

View All

Key Servicesshow

Cyber breach incidents have evolved beyond technical issues to pose significant legal and reputational risks for companies. Through close collaboration among our information security experts, IT forensics analysts, and attorneys specialized in data privacy and cybersecurity, our CIR Practice provides a one-stop total service throughout all stages, including prevention and detection of security threats, response to cyber incidents, and post-incident risk management.

One-Stop Services for Crisis Response

When cyber attacks strike, companies face complex and diverse crises in a short period of time. Our CIR Practice provides a “one-stop total service” comprised of the following step-by-step, field-specific solution, covering all areas from cyber incident response, technical analysis, brand protection, compliance with applicable laws and regulations, and handling regulatory investigations.

Cyber Incident Response & Technical Analysis: Our CIR Practice immediately activates a response team at the “golden time” when a cyber incident occurs, enabling our clients to take emergency measures, such as system isolation, evidence preservation, data recovery, and prevention of any potential spillovers. The CIR Practice conducts digital forensics, logging analyses, and vulnerability reproduction tests to clarify technical facts and secure basic data for future regulatory/dispute responses. In that process, the CIR Practice provides actionable insights derived from the hands-on experience of cybersecurity management experts, outstanding technical skills of cyber breach analysts and white-hat hackers, our digital forensics capabilities, and our firm’s global partnerships.
Compliance with Laws and Regulations: Our CIR Practice provides comprehensive support to clients for their compliance with any statutory obligation to file reports with the regulatory authorities at home and abroad in cyber incidents. Rather than simply acting as an agent for the fulfilment of such obligations, the CIR Practice clarifies the key requirements of the Personal Information Protection Commission (“PIPC”), the Ministry of Science and ICT (“MSIT”), and the Korea Internet & Security Agency (“KISA”), thereby preventing penalties resulting from incomplete reporting. For the obligation to file reports with overseas regulatory agencies, our CIR Practice thoroughly analyzes the regulations of each country and works closely with local legal experts to support our clients in establishing an integrated and systematic global response strategy.
Response to Investigations: With respect to fact-finding surveys, on-site investigations, and requests for information by the PIPC, MSIT or KISA, our CIR Practice closely communicates with the relevant case team and responds to their requests in a proactive manner. Through these efforts, we effectively advocate the positions of our clients to the regulators and provide all-out support to minimize the risk of administrative sanctions.
Communication with Stakeholders and Protection of Reputation: Aiming to minimize the impact of cybersecurity incidents on corporate credibility and brand value, our CIR Practice assists companies in developing and implementing strategic communication plans for their response to various stakeholders (e.g., customers and the public, the National Assembly, business partners, and the media), and designs response measures tailored to their needs, including customer support programs.
Response to Legal Disputes: Aiming to minimize the impact of cybersecurity incidents on corporate credibility and brand value, our CIR Practice assists companies in developing and implementing strategic communication plans for their response to various stakeholders (e.g., customers and the public, the National Assembly, business partners, and the media), and designs response measures tailored to their needs, including customer support programs.

Cyber Threat Detection Service

Our CIR Practice not only conducts standardized vulnerability diagnosis, but also identifies high-risk areas of IT systems through black-box based penetration tests that simulate actual hacker penetration routes. Further, the CIR Practice detects signs of potential targeted attacks and enables preemptive responses to such risks, through dark web-based threat monitoring of our clients’ brands, assets, and employee information. Through this technology-based detection system, we provide important insights not only for post-incident response methods, but also for the detection of potential attacks and establishment of containment strategies.

Establishment of a Resilience System

“There are only two types of companies: those that have been hacked, and those that don’t know they have been hacked.” As highlighted by this quote, in today’s world where cyberattacks occur frequently, it is essential for companies to identify risks early, respond quickly, and minimize damage. Hence, companies need a strong resilience system. Our CIR Practice designs security systems tailored to the characteristics of each client’s industry and organizational structure, and supports our clients’ efforts to strengthen resilience in the following areas:

Securing Visibility and Governance: The CIR Practice helps clients improve visibility of cyber risks throughout their organizations and establish internal governance systems and decision-making processes to enable their boards of directors or executive management to clearly recognize and manage security risks.
Simulation Training & Vulnerability Checks: The CIR Practice examines our clients’ security response capabilities and strengthens their actual response capabilities through white-hat hacker based penetration tests and cyber attack simulation training (table-top exercise) with the participation of their executive management.
Cyber Risk Assessment and Strategy Establishment: The CIR Practice identifies vulnerabilities in existing systems and operating environments, comprehensively analyzing legal, technical and operational risks that the clients may face, and suggests appropriate response strategies and priorities.
Compliance with Information Protection Requirements: The CIR Practice assists clients in establishing or maintaining policies, procedures, and organizational structure in accordance with cybersecurity and data privacy laws at home and abroad.

Key Experienceshow

Assisted and represented a major distribution company in on-site investigations and criminal proceedings with respect to personal information leakage.
Advised and represented a telecommunications carrier in administrative, civil, and criminal proceedings with respect to data breach cases.
Advised and represented a large water purifier company in administrative and criminal proceedings with respect to a data breach case.
Assisted and represented a medical information company overseas in on-site investigations and criminal proceedings with respect to the company’s data breach.
Assisted a large online game studio in addressing legal requirements triggered by a cyber incident and represented such company in the subsequent criminal and administrative proceedings.
Advised and represented a large internet portal company in its administrative, civil, and criminal proceedings with respect to a data breach/cyber incident case.
Advised Japanese manufacturers in responding to cyber incidents.
Assisted a capital company in responding to a cyber incident.
Advised and represented an online auction and shopping website operator in civil proceedings stemming from data breach and hacking incidents.
Represented a major Korean commercial bank in civil proceedings with regards to a data breach.
Represented a large Korean game studio in a civil proceedings whereby the counterparty alleged unlawful use of personal information.