CYBER RISK & LAW
CYBER RISK & LAW
CityDarker.jpg

About

Passion. Experience. Diligence.


About CYBER Risk & Law


We help risk managers and small businesses understand and manage their Information Security risk. While risk management relies on models of carefully quantifiable predictability, information security is remarkably fluid.  There is little predictability, and the near constant battle with cyber attacks can play havoc with even the most well planned response. We help you to stay ahead of the threats that haunt your business.

Our mission is to provide guidance and advice that all sides can understand - management, risk professionals, information security experts and line employees.  As a long time lawyer, I appreciate the struggle to communicate simply and directly, without legalese, jargon, acronyms and babblespeak. My challenge is to clearly set businesses on the road to cyber risk management, in a manner that helps to reduce risk and earn enterprise wide buy-in. 

I’ve been a lawyer in California for over 30 years, specializing in risk management and information security.  I’ve had a hand in drafting, underwriting, negotiating, analyzing and litigating insurance policies, technology contracts and internet facing communiques.  I’ve represented insurance companies and insureds in sensitive security breaches and I’ve overseen data breach responses. I know the cyber insurance market and I know the business case for both managing and transferring cyber risk.  And while I don’t know everything, I have a passion to learn.  If any of my articles or commentaries spark an interest in you, send me a note.  I’m always open to new insights and critiques.

—David Chavez

J.D., CRSIC


Founder David Chavez

75 copy.jpg

Throughout my legal career, I’ve been drawn to legal and business issues affecting technology and information security. I enjoy helping clients grow and take seriously the business challenges of an evolving world of information technology. I’ve worked for start-ups and multi-billion dollar global companies, and lots of folks in between. I’ve drafted and negotiated scores of technology contracts and defended them in court. I’ve authored privacy policies and notices and evaluated technology risks. I’ve underwritten cyber and technology E and O policies and navigated claims filed under those policies. I’ve even mediated some nasty matters.

I founded CYBER Risk & Law because helping people is my passion and I know how hard it is to understand the technology world, especially when you didn’t grow up in it, don’t speak the language and can’t seem to relate to those that do.

I’m easy to reach and ready to help. I look forward to meeting with you and your colleagues and helping through CYBER Risk & Law services.




Education

MCGEORGE SCHOOL OF LAW
Juris Doctor Member, Moot Court Honors Board

UC SANTA BARBARA
B.S. Political Science

PROFESSIONAL LICENSES | CERTIFICATIONS

  • Attorney, California State Bar No. 117593

  • Licensed Insurance Broker, California Department of Insurance, No. 0F33823

  • Certified in Risk and Information Systems Control (CRSIC)

Experience

  • Litigated business and technology disputes before state and federal courts.

  • Managed the litigation and outbound licensing for a $2B software company.

  • Established a risk management department and risk review processes.

  • Underwrote errors and omissions and privacy insurance policies for scores of technology and biotech companies.

  • Supervised responses to information security attacks and data breaches.

  • Authored privacy notices, information technology policies, training programs, risk assessments and compliance reviews.

  • Mediated business and insurance disputes.

  • Delivered presentations at insurance industry conferences on privacy, information security and cyber risk.