Kevin Scott, a shareholder with Greenberg Traurig, sat down for a video interview during Nareit’s REITwise: 2025 Law, Accounting & Finance Conference in San Antonio on March 25-27.
Scott emphasized the importance of preparation in facing cyber incidents. He highlighted that one of the most critical steps a company can take is having a comprehensive incident response plan. This plan should list key personnel, contact information, backup contacts, insurance details, and designated legal counsel.
“You want to have it saved on a computer, but also a printed copy somewhere, because obviously cyber incidents may lock up your access to getting the document,” he said.
Scott also urged companies to conduct regular tabletop exercises to test their readiness and identify gaps. Many insurance carriers, he noted, provide free resources for this kind of training.
When it comes to compliance, Scott explained that public companies must report material cybersecurity events within four business days under SEC rules.
He added that costs associated with a cyber breach can be substantial and may include legal counsel, computer forensics, notification to affected individuals, and business interruption. Scott stressed the importance of reviewing cyber insurance policies to ensure proper coverage and to understand both what is included and what obligations the company has in the event of a breach.