Amidst mounting pressure to pursue cybersecurity more aggressively, the Federal Trade Commission (“FTC”), the federal government’s most active enforcer in the space, has recently imposed increasingly stringent cybersecurity requirements in its consent orders. Given that FTC consent orders typically carry 20-year terms and a potential fine of $42,530 (which the FTC may contend applies to each consumer subject to a breach), it is vital for companies faced with an FTC cybersecurity investigation to take every possible step to narrow the scope of relief requested by the FTC. Several recent FTC cybersecurity settlements illustrate an emerging pattern: a company that litigates may secure a better deal than it would have received in an initial settlement, if not defeat the action entirely. But when considering whether to settle or litigate with the FTC, companies must still balance the various legal, business, and reputational risks at stake.
Monica A. Svetoslavov
Monica Svetoslavov is an associate in the Washington, D.C., office and a member of the firm's Litigation practice group.
Monica's practice includes representing multinational corporations in litigation involving commercial, antitrust, cybersecurity, and intellectual property issues.
Prior to and during law school, Monica worked as a consultant on economic issues in mergers and antitrust litigation. She also worked as a senior research analyst on macroeconomic forecasting at the Board of Governors of the Federal Reserve.