Craig Hoffman

Partner, BakerHostetler

Craig Hoffman is a digital risk advisor engaged to guide clients on issues related to use of technology and data. He is well known for using his litigation experience and insights from helping entities address thousands of security incidents to develop prioritized privacy and cybersecurity strategies and effectively respond to security incidents. Visibility to what allows incidents to occur, outcomes of decisions made and measures taken to improve going forward from security incidents of all sizes enables Craig to immediately forecast what is coming, offer prioritized recommendations and then operationalize decisions into actions.

Craig co-leads the Digital Risk Advisory and Cybersecurity team – a team that helps entities address hundreds of security incidents a year and the resulting regulatory and litigation matters that follow. Clients turn to Craig to address the privacy compliance, operational and security related enterprise risks generated by their use of technology, such as data security incidents, post-incident regulatory defense and litigation, payment card network assessments, post-incident security enhancements, incident response preparedness, security and risk assessments, technology contracts and due diligence related to transactions.

In particular, Craig is internationally known as a go-to attorney for payment card security incidents after leading over 200 entities through payment card security incidents and the resulting PCI DSS revalidation process and payment card network liability assessments. Additionally, he has extensive experience with retail, restaurant, hospitality, financial services and technology companies.

Craig has conducted hundreds of incident response training and cybersecurity exercises for incident response teams, executive teams and boards of directors. These sessions help clients contextualize the critical issues and decisions they will face in an incident so they can identity how to build plans that will allow them to respond in a way that meets organizational goals, minimizes risk and protects key relationships.

Craig is ranked in Chambers USA: America’s Leading Lawyers for Business and the Legal 500, was chosen for the Cybersecurity Docket “Incident Response 30” and has been selected multiple times as an Acritas Star and BTI Client Service All-Star. He is a featured speaker on topics such as reasonable security, incident response and other digital risk areas.