Dechert Cyber Bits

IAPP Edition - April 9, 2026

Key Takeaways from the Panel

1. Don’t trust, verify: manipulation of perception is the new tool of threat actors.

• Humans can no longer consistently and reliably identify deepfakes on either voice or video. Tools that enable real-time face substitution during video calls are now widely available. Social engineering campaigns where criminals leverage multimodal deepfakes (e.g., the victims engage with video deepfakes and near-perfect voice clones) can be nearly impossible to detect and mitigate without updated protocols and technologies.

2. Identify the top genAI-enhanced threats for your organization and, where applicable, train your employees on these threats.

3. Build multi-layered governance that includes internal technical controls (e.g., phishing-resistant MFA) and updated technology/policies to address the threat.

• Incorporate internal controls in collaboration with IT, finance, procurement and HR, among others. Consider leveraging out-of-band protocols, liveness verification protocols, and/or challenge-response verification protocols for significant transactions;
• Emphasize controls that improve post-compromise resilience and minimize the blast radius of successful attacks such as just-in-time access controls and privileges, zero standing privileges for agents, data minimization, and network segregation;
• Consider incorporating policies as to if/when AI tools/agents may be used to record, transcribe, and generate notes.

4. Train employees on state-of-the-art deepfakes and genAI-enhanced cyber threats generally (e.g. use of social engineering, IT personnel spoofing, impersonation techniques).

5. Leverage AI for security operations defense to endeavor to match the speed of AI threats.

• The TTPs (tactics, techniques, and procedures) that threat actors leverage to compromise organizations have not changed, but the scale, breadth and speed of cyberattacks have increased dramatically. Generative AI has also greatly increased the technical capability of the average cyber criminal, who now can take advantage of technical offensives that formerly were available only to sophisticated, advanced persistent threats, such as nation-state sponsored attacks;
• Consider potential uses such as continuous autonomous penetration testing, automated vulnerability detection and patching, predictive threat modeling, and automated exfiltration blocking.

6. Review and Update the Incident Response Plan (e.g. incorporate any applicable new policies and use of new technologies; address guidelines for attorney client privilege and attorney work product).

We look forward to seeing you on April 23rd for our next regularly scheduled issue of Cyber Bits.

In 2025, Dechert’s Cyber, Privacy & AI team achieved top individual and group rankings in The Legal 500 and Chambers USA. Global Chair and Partner Brenda Sharton, a Law360 MVP, and Partner Ben Sadun, a Law360 Rising Star, were recognized for their leadership and contributions to the team’s achievements. The team was also recognized in Law.com’s “Litigators of the Week” column for its recent victory for Flo Health, a matter that showcased the team’s strategic excellence. Thank you to our clients for entrusting us with the types of matters that led to these recognitions.

Recent News and Publications

• AI Cyberattacks Call for Company Preparation to Limit Fallout (March 31, 2026)
• Dechert Adds Former Microsoft Cybersecurity Counsel J.J. Jones as Partner (March 11, 2026)
• Wake Up Call: Simpson Thacher misses appeal deadline (March 11, 2026)
• Microsoft Cybersecurity Legal Official Jones Exits for Dechert (March 10, 2026)
• Dechert Appoints J.J. Jones as Partner (March 10, 2026)
• Dechert Continues Lateral Hiring Momentum with Addition of Cybersecurity, Privacy and AI Expert J.J. Jones PR Newswire (March 10, 2026)
• Dechert Lands Ex-Microsoft, Google Atty In San Francisco – Law360 (March 10, 2026)
• Cybersecurity & Privacy Group Of The Year: Dechert – Law360 (February 2026)
• Law360's Practice Group of the Year for Cybersecurity & Privacy – Law360 (January 2026)
• MVP: Dechert’s Brenda Sharton – Law360 (November 2025)
• Litigator of the Week Runners-Up and Shout-Outs – Law.com (August 8, 2025)
• 2025 Rising Star: Dechert's Benjamin Sadun – Law360 (July 21, 2025)

Dechert Cyber Bits Partner Committee

Dechert’s global Cyber, Privacy and AI practice provides a multidisciplinary, integrated approach to clients’ privacy and cybersecurity needs. Our practice is top ranked by The Legal 500 and our partners are well-known thought leaders and sought after advisors in the space with unparalleled expertise and experience. Our litigation team provides pre-breach counseling and handles all aspects of data breach investigations as well as the defense of government regulatory enforcement actions and class action litigation for clients across a broad spectrum of industries. We have handled over a thousand data breach investigations of all types including nation states, ransom/cyber extortion, vendor/supply chain, DDoS, brought by threat actors of all types, from nation-state threat actors to organized crime to insiders. We also represent clients holistically through the entire life cycle of issues, providing sophisticated, solution oriented advice to clients and counseling on cutting edge data-driven products and services including for trend forecasting, personalized content and targeted advertising across sectors on such key laws as the CCPA, CPRA and state consumer privacy laws, Section 5 of the FTC Act; the EU/UK GDPR, e-Privacy Directive, and cross-border data transfers. We also conduct privacy and cybersecurity diligence for mergers and acquisitions, financings, corporate transactions, and securities offerings.

View Previous Issues