The Abstract Ep 105: Punishing the Victim: What's Broken in Cybersecurity Law
What if the legal system punishes the victim instead of the attacker? That question drives Andy Lunsford, founder and CEO of BreachRx, to rethink how companies prepare for and respond to data breaches.
In this episode, Andy joins host Tyler Finn to share his journey from litigation consultant to legal tech entrepreneur—and why he believes incident response should be treated like any other core business process. Separating privileges from factual records to rethinking executive liability, Andy offers practical insights for legal counsels navigating a regulatory maze, rising risk, and increasing accountability.
Read detailed summary: https://www.spotdraft.com/podcast/episode-105
Topics
Introduction – 00:00
Andy’s path into privacy law: From philosophy to shaping early FTC breach cases—02:07
The shift from rare black swan breaches to everyday business risk—6:19
How GDPR’s 72-hour rule changed incident response expectations – 08:54
Founding Beacon Group: bridging litigation, incident response, and expert testimony—13:53
The law punishes victims: why breach response is legally broken—16:53
Defending the defenders: Mental toll and leadership under breach pressure—21:00
Personal Risk in Cybersecurity: Why CISOs and Legal Leaders Need Protection Too – 22:48
How GCs Can Prepare for Breaches: Building Systems, Not Just Plans—27:28
Rising executive accountability: how GCs can protect their teams and companies—32:23
From legal consultant to tech CEO: building BreachRx as a category-defining platform—34:49
The challenge of early-market education and building industry standards—40:52
Rapid-fire Questions—42:35
Connect with us:
Andy Lunsford - https://www.linkedin.com/in/andersonlunsford/
Tyler Finn - https://www.linkedin.com/in/tylerhfinn
SpotDraft - https://www.linkedin.com/company/spotdraft
SpotDraft is a leading contract lifecycle management platform that solves your end-to-end contract management issues. Visit https://www.spotdraft.com to learn more.