David Simon is co-head of Skadden’s global Cybersecurity and Data Privacy Practice and a member of the firm’s National Security Group. He has deep experience helping boards and executive teams navigate rapidly evolving legal compliance issues involving cybersecurity, AI and privacy.
Formerly a Pentagon special counsel and chief cyber counsel to the U.S. Cyberspace Solarium Commission, Mr. Simon regularly assists clients as the lead investigator and crisis manager for high-stakes, cross-border incidents involving cyberattacks, data breaches and extortion, and AI, and handles related internal investigations and regulatory defense.
Mr. Simon has dealt with some of the most significant cyber incidents on an international scale. His experience includes advising victims of state-sponsored cyber activity, ransomware and other cyber extortion attacks, as well as breaches of health information, sensitive government information, intellectual property and personal data. Dual qualified to practice in the U.S. and the EU, he often represents global companies in connection with cyber incidents requiring analysis of breach reporting obligations under U.S. and EU law, including the EU General Data Protection Regulation (GDPR) and investigations by European data protection authorities. He has counseled companies on major cyber incidents and incident preparedness across virtually every industry, including financial, health care, energy, chemical, defense and aerospace, telecommunications and hospitality.
Mr. Simon is known as a go-to cyber and privacy counsel to leading global private equity sponsors and their portfolio companies, stepping in to serve as cyber counsel and incident commander when portfolio companies face ransomware or other disruptive cyberattacks. He frequently counsels boards, C-level executives and other management as they address cyber vulnerabilities and breaches, and manage associated legal, regulatory and reputational consequences. In recent years, Mr. Simon has convened regular roundtables with CISOs, CIOs and CTOs from leading global private equity firms and their portfolio companies to assess trends and risk management strategies concerning cybersecurity, AI and privacy.
With years of experience working in data protection privacy compliance, Mr. Simon often advises clients on complex regulatory issues involving the collection, storage, use, transfer and sharing of personal and other sensitive data. He counsels clients on data governance and privacy compliance with HIPAA, ECPA, CCPA/CPRA, EU GDPR and a range of EU laws governing data protection and technology supply chain risk management.
Mr. Simon is widely known for his experience regarding the legal and policy issues at the intersection of cybersecurity, privacy, AI and national security. In addition, he has significant experience with the evolving cybersecurity and privacy legal framework applicable to the internet of things (IoT) and product cybersecurity, operational technology (OT) and industrial control systems (ICS).
He has been recognized by Chambers USA for his “global, holistic view of the cybersecurity world,” The National Law Journal as a Cybersecurity & Data Privacy Trailblazer, The Legal 500 for his “extensive experience of cyber incidents and investigations” and repeatedly as part of Cybersecurity Docket’s Incident Response 50 (including in its 2024 edition), a collection of some of the “best and brightest” incident response attorneys in the country. In addition, he has been named one of Lawdragon’s 500 Leading Global Cyber Lawyers and 100 Leading AI & Legal Tech Advisors.