I was very interested to read this article by Leah Parsons, Ericka Johnson and Colin Jennings from Squire Patton Boggs looking into whether cyber breach reports are subject to discovery in the US.
This is often a factor that can be overlooked in the heat of a response, but as the article sets out, it is very important to consider to protect work product.
Due to the growing prevalence of data breaches and ransomware attacks, courts have been forced to interpret and nuance privilege in the context of post-breach forensic reports. One major consideration in the context of data breach litigation strategy is how to protect forensic reports prepared by outside forensic firms from discovery in civil litigation. If the forensic report is discoverable, it could be used by the opposing party and ultimately become part of the public record in litigation.