Please assume this hypothetical scenario, and "answer" as how an outside counsel of IT would IN REGARDS TO LITIGATION.

The MED Company, a public pharmaceutical company that manufactures and distributes an FDA approved cancer treatment drug, has locations in Los Angeles, Dublin, and Tokyo.

During a routine check of the company's audit logs, the IT team notices that the company's electronic inventory system was accessed by unauthorized individuals five days ago. Apparently, the company's new threat-management system didn't detect unauthorized access, and never sent automated warnings to the IT team.

IT Director mentions that they're working to find the source of the hack and to mitigate any damage experienced within their systems.

The General Counsel of the company calls you a few minutes later and mentions that their IT Director now sees logs indicating the system has been under attack for a very long time, "probably for the last 10 months." The GC mentions, in passing, that the IT Director is "a trooper" and "is working from Starbucks using their son's laptop since they're on vacation."

Upon entering the building, you note that (1) there's no security at the front office, and (2) all doors, including those to the Legal and Finance offices, are unlocked. "We're super open and friendly here," says the GC, winking at you.

You sit down in the GC's office. As you take the first steps to help the company roll out its incident response plan (including a quick check of the company's cyber insurance coverage), additional information is received in rapid succession.This is quickly followed by the CEO rushing into the office and telling you that the FBI just called their office line. Apparently, the FBI believes that the company's system has been hacked and significant data has been exfiltrated. This may include "the formula for the prescription medication, the related drug testing records, records belonging to patients who participated in multiple trials, and personal data of company employees." A team from the FBI is on its way to the company's location to discuss the situation in detail.

The company's Board of Directors has been notified of the situation; they plan on flying to the Los Angeles office tomorrow for an emergency meeting. The only formal agenda item for the Board meeting is how the company will respond to the hack and the related data exfiltration.

How would you respond as outside counsel (from an outside law firm now representing MED).