Avi Gesser is a partner in Davis Polk’s litigation department and who focuses on cybersecurity issues, white collar criminal defense matters and investigations, and complex commercial litigation.

Which hot topics/hype should be retired at the end of 2017?
The idea from 2017 that should be retired is that some new software innovation is going to solve your cyber-security issues.  Tech is important, but good cybers-security requires attention from everyone in the organization.  Companies are learning that having good cyber policies, procedures, and training is just as important as the latest software.

What do you view as the most important lesson of 2017?
The most important lesson of 2017 in cybersecurity is that delays in breach notification make bad situations worse.

What do you expect to be the skill sets most in demand in 2018?
The most important skill set in 2018 will be cyber-security governance – the ability to significantly reduce an organization’s cyber-risk through non-tech changes to policies, procedures, training, reporting lines, etc.

What changes do you expect to see in 2018?
For cybersecurity, I see three big developments in 2018:

• State, federal, and international regulators are going to get serious about breach notification.  We are going to see demands for increasingly prompt breach notification to both regulators and affected parties, and companies being fined for failing to meet their breach notification obligations.
• The New York Department of Financial Services is going to become a major player in cybersecurity investigations and enforcement, and its new rules will likely become a model for state and federal cyber regulators.
• On the litigation side, class action securities cases are going to become a major issue for companies that have experienced a breach.