• AE
Choose your location?
  • Global Global
  • Australian flag Australia
  • French flag France
  • German flag Germany
  • Irish flag Ireland
  • Italian flag Italy
  • Polish flag Poland
  • Qatar flag Qatar
  • Spanish flag Spain
  • UAE flag UAE
  • UK flag UK
  • AE
Choose your location?
  • Global Global
  • Australian flag Australia
  • French flag France
  • German flag Germany
  • Irish flag Ireland
  • Italian flag Italy
  • Polish flag Poland
  • Qatar flag Qatar
  • Spanish flag Spain
  • UAE flag UAE
  • UK flag UK

Cyber Incident Services

We pair an AI-driven data mining solution with world class review teams to respond to clients’ cyber incidents in the United States quickly and effectively.

GET IN TOUCH
Why use our Cyber Incident Services?
Latest insights
Contact the Legal Operations team
Our approach is catered to meet the needs of cyber counsel, its clients and insurance carriers. We customise playbooks to comply with your applicable regulations and preferred practices to offer a true partnership and transparent services in cyber event resolution from our global delivery centers. 

Why use our Cyber Incident Services?

Responding to cyber incidents efficiently requires a compelling combination of top-of-the-line software in Canopy and our proprietary data culling and sorting methodology. Together, we determine the most refined and accurate document review populations in the industry. 

Benefits of our service include:

Cyber Incident Services

Our technology-driven program goes beyond traditional cyber review to offer the best of data-mining technology combined with data analysis, identification, and extraction methods with human led QC verification. With precise price estimates blended with fixed cost pricing to ensure budget predictability and no surprise increases, we provide a holistic approach to cyber incident resolution. 

  • Cyber Incident Services
    Tax data on laptop tab image

    Cyber Incident Services

    • Canopy AI assisted data mining
    • Data Processing, Analysis, and Refinement
    • Data Entry De-Duplication and Notification List Creation
    • PII/PHI Identification and Classification
    • Programmatic review and extraction
  • Technology driven
    DP and cyber tab image

    Technology driven

    • Internal Canopy Processing

    • Internal Canopy PII/PHI Element and PII/PHI Trigger Detection

    • Internal Canopy Email Threading

    • Internal Exact File Duplicate Identification

    • Document Review Tagging and User-Friendly Application-Assisted Data Entry

    • Document Mapping and Extraction Function for Complex Documents

    • Focused Likely Error Identification

    • Internal Canopy Entry Consolidation

    • Comprehensive QC Review of Output

  • Additional solutions
    Abstract thinking tab image

    Additional solutions

    • Additional Preliminary Data Analysis Methods and Applications
    • Programmatic Data Extraction Tools
    • Additional Entity De-Duplication/Consolidation Analysis and Merging Tool
    • Programmatic Metadata and Data Analysis
    • Supplemental STRs
    • Review Programmatic Analysis for Opportunities to Programmatically Review
    • Programmatic Review and Extraction
    • QC Verification of Programmatic Extraction
    • Focus on Continuous Training and Improvement for Manual Review Team
    • Data Entry Issue Identification and Reconciliation
    • Transparency on Deduplication/Consolidation Decision
    • Programmatically Identify De-Duplication Issues and Resolve Them

Case Studies

Mental Health Service Provider

A cyber incident potentially exposed thousands of documents containing privacy-related information.

 

Mental Health Service Provider

Close

Client situation

Our client, a Mental Health Service Provider, was the victim of a cyber incident, potentially exposing thousands of documents containing privacy-related information. As the information contained Personally Identifiable Information (PII), as well as specific Protected Health Information (PHI) covered by HIPAA, the client needed to identify which information was exposed in the incident, and notify victims, but needed to reduce a review population which contained nearly 40,000 documents.  

DWF's solution

DWF combined data mining software Canopy programmatic data refinement processes to create an efficient solution. DWF first utilised Canopy to identify and classify all types of PII/PHI, which reduced the review population by more than half. The cyber review team then extracted all information and standardised the outputs, such as inconsistent spellings of names, and presented the client with a clean notification list. 

 

Benefits & cost savings 

  • DWF’s programmatic review capabilities reduced the review population by more than half, even with higher numbers of PHI exposed.
  • DWF’s data refinement processes ensured a high quality of review and extraction, meaning the client had confidence in the final notification list.
  • DWF’s best-shore review model ensured an effective solution for a client facing resource constraints and cost challenges.
Close

K-12 School District

A cyber incident exposed student records and other Personally Identifiable Information.
 

K-12 School District

Close

Client situation

Our client, a K-12 school district, was the victim of a cyber incident, exposing student records and other Personally Identifiable Information (PII). In additional to typical data protection and privacy laws and regulations, education providers are subject to additional educational data protection and privacy laws (FERPA); therefore, the client needed to identify individuals whose both PII and personal education information was exposed notify those subjects to the incident. The client also needed to create separate notices for each listing the types of compromised FERPA information and containing the actual source documents.

DWF's solution

DWF combined data mining software, Canopy programmatic data refinement processes, and PII and FERPA information detection models to create an efficient solution. DWF first utilised Canopy to identify and classify all types of PII and personal education information which reduced the review population by more than 80%. The cyber review team then extracted all information and removed all false positives, further reducing the population for the client’s notification list. DWF created an index and repository of source documents to pair with the list, providing the client with access to the exact document with exposed information. The team also generated notification letters for each individual with exposed FERPA information that included the actual source documents as enclosures. (For documents containing more than one individuals’ personal information, DWF also redacted all but the addressed individual’s information).

 

Benefits & cost savings 

  • DWF’s programmatic review capabilities reduced the review population by more than 80%, even with FERPA protections creating additional PII classifications. 
  • DWF’s value-add services such as providing a source document index and writing notification letters enabled the client and their law firm to focus on high level matters.
  • DWF’s best-shore review model ensured an effective solution for a client facing resource constraints and cost challenges.
Close

Suburban Municipal Government

A cyber incident targeted a suburban municipal government compromising more than 150 gigabytes of data.  

 

Suburban Municipal Government

Close

Client situation

A cyber incident targeted a suburban municipal government compromised more than 150 gigabytes of data. Given the large volume of exposed information, the client needed to significantly reduce the review population, identify individuals whose personal information was exposed and generate a complete list of these individuals. This presented a large task for a government client with limited resources that needed to focus on other pressing matters matters related to the cyber incident and running a government. We worked with the client and its cyber counsel, Lewis Brisbois Bisgaard & Smith to effectively and efficiently resolve this issue. 

DWF's solution

Due to the large nature of the incident, the initial review population was nearly 210,000 documents. Utilising data mining software and customized detection models, DWF identified and classified documents containing relevant  individual personal information, which reduced the review population by nearly 80%. Working from the significantly reduced  document review population of approximately 16,000 documents, DWF expedited through programmatic data review and promptly delivered a clean notification list to client and counsel. 

 

Benefits & cost savings 

  • DWF’s scalable cyber incident team enabled a quick turnaround from initial review through to notification list delivery, even with a large beginning data population. 
  • DWF’s data mining software capabilities, detection models, and programmatic review solutions ensured all pertinent personal information was identified and classified without false positives and redundancies on the final list. 
  • By entrusting DWF with reducing the review population and generating the notification list, the client and their partners were able to focus on other matters related to the cyber incident. 
Close

Latest Insights

Cybersecurity incidents in education: How DWF’s Legal Operations team ensures swift and effective response
Insights
Cybersecurity incidents in education: How DWF’s Legal Operations team ensures swift and effective response 21 Mar 2025

The education sector is a prime target for cybercrime, with institutions storing vast amounts of Personally Identifiable Information (PII) and Protected Health Information (PHI). When a cybersecurity incident occurs, timely and accurate detection, review, and mitigation are critical to minimize legal, financial, and reputational risks. 

 
Post-launch product management in legal tech: The consultant's journey
Insights
Post-launch product management in legal tech: The consultant's journey 26 Feb 2025

In this article, Kanishk Sharma, explores post-launch product management in legal tech, detailing nine crucial strategies from monitoring and user support to continuous improvement, emphasising that successful implementation requires ongoing dedication beyond the initial launch.

 
DWF leaders to join NetDiligence Cyber Risk Summit 2025 in Miami
Insights
DWF leaders to join NetDiligence Cyber Risk Summit 2025 in Miami 04 Feb 2025

DWF is attending the 2025 NetDiligence Cyber Risk Summit in Miami Beach from 10-12 February. James Manari and Thomas Morse will share insights on DWF’s innovative cyber response solutions and engage with industry leaders on emerging risks.

 
See our Legal Operations Insights & Case Studies

Contact the Legal Operations team

Get in touch with the contact form or the details below

E

Get in touch