March 28, 2018


Effective partnerships between the business community and law enforcement are critical in defending U.S. national and economic security from cybercrime. Malicious actors continue to develop advanced attacks aimed at breaching systems and stealing data or holding information ransom, which can impact an organization’s financial bottom line and damage its brand or reputation. With the rapid development of new technologies and Internet of Things (IoT) devices, businesses face new challenges when protecting their enterprises, products, and consumers. While there are many best practices and measures that should be implemented to secure digital assets, collaborating with law enforcement should be a top priority.

Cyber incidents to businesses of all sizes should be reported to law enforcement as soon as possible. Cooperation and information sharing with proper authorities both increases the likelihood of attribution for that business and, in many cases, can lead to further prevention by notifying other potential targets of the threat. However, if a business is not accustomed to working with law enforcement, this can lead to uncertainty as to which is agency is the appropriate contact and at which level of government. “The best time to engage law enforcement is before you have a digital disaster. Often times the first time a company is meeting their FBI cyber team is when they are knocking at their door to notify them their company is a victim of a data breach. Work early and often with law enforcement, they can often be another layer of offense alerting you to digital break-ins occurring across the globe and can provide practical steps to avoid becoming the next victim,” said Theresa Payton, Former White House CIO and CEO of Fortalice Solutions. Businesses can get ahead of this challenge by establishing relationships with law enforcement officers at the federal, state, and local levels before an incident occurs. The FBI and the Secret Service have field offices located in cities across all 50 states and dedicated task forces to partnering with industry. State police departments have formed cyber command centers designed to coordinate emergency response to critical cyber incidents. Local police departments are standing up cyber units and can help inform other agencies as required. Law enforcement agencies at all levels realize the significance of cyber threats posed by malicious actors and rely on partnering with businesses to combat these crimes on the federal, state, and local levels. “Along with adopting the National Institute of Standards and Technology’s Cybersecurity Framework and developing an internal cyber incident response plan, knowing how to engage with law enforcement should form a key element of any organization’s efforts to manage their cyber risk effectively,” said Michael Daniel, President and CEO of Cyber Threat Alliance. Download the full white paper.


  1. Cultivate trusted and bi-directional relationships with state and/or federal law enforcement and U.S. attorney points of contact.
  2. Join a cyber information sharing organization like lnfraGard.
  3. Develop, exercise, and update a cyber incident response plan.
  4. Ensure legal counsel is familiar with the organizations cyber risk management and incident response plan and responsibilities interacting with government agents.
  5. Contact law enforcement at any point during incident response for suspected criminal activity.