BREACH HOTLINE
844-885-1574

Professionals

Carolyn Purwin Ryan

Partner & Co-Chair Litigation
426 W. Lancaster Avenue, Suite 200
Devon, PA 19333

Office: (267) 930-6836

Education

Villanova University School of Law
Master of Law, Taxation

Villanova University School of Law
Juris Doctor

Georgetown University
Bachelor of Science, Health Studies

Admission

  • Pennsylvania
  • U.S. District Court for the Eastern District of Pennsylvania
  • U.S. District Court for the Middle District of Pennsylvania
  • U.S. District Court for the Western District of Pennsylvania
  • New Jersey
  • U.S. District Court for the District of New Jersey
  • U.S. Tax Court

Practice Areas

Professional Memberships

  • American Bar Association (ABA) – Vice-Chair, Tort Trial & Insurance Practice Section’s (TIPS) “Cybersecurity and Data Privacy General Committee”
  • American Health Lawyers Association (AHLA)
  • Defense Research Institute (DRI)
  • International Association of Privacy Professionals (IAPP)
  • Pennsylvania Bar Association (PBA)

Carolyn Purwin Ryan is a Partner at Mullen Coughlin and Co-Chair of the Litigation practice. She focuses her practice on defending organizations in single-plaintiff and class action litigation against claims related to violations of various data privacy statutes and regulations. She is licensed to practice in Pennsylvania federal and state courts, as well as those in New Jersey.

Her experience serving as national coordinating counsel and trial counsel for both U.S. and international organizations allows her to effectively and efficiently coordinate a defense to obtain a favorable resolution for her clients.

In addition to her litigation practice, Carolyn also serves as Breach Counsel for organizations suffering (or who have suffered) through a data privacy and security incident. This includes incidents such as ransomware attacks; business email compromises and fraudulent wire transfers; inadvertent disclosures; and other unauthorized network intrusions. As Breach Counsel, she leads the response and investigation into incidents while coordinating third-party vendor support such as digital forensics; data mining; law enforcement reporting and liaising; and public relations, notification and identity/credit monitoring. She also assists her clients in responding to subsequent regulatory investigation from state, federal and industry-specific regulators. While generally industry-agnostic, she routinely represents organizations in the financial services; manufacturing and distribution; healthcare and life sciences; professional services; retail; and technology industry groups.

She also devotes her practice to assisting organizations with implementing pre-incident and proactive Advisory Compliance solutions such as incident response planning and Incident Response Plan (IRP) development, the provision of data privacy and security tabletop exercise and assessment of legal and regulatory compliance requirements related to data privacy and information security.

Carolyn is often sought after by firm clients and partners, as well as national and international organizations, to speak and present at regional, national and global conferences and events. She routinely speaks on panels with incident response vendors and cyber insurance carriers and brokers to provide insights into data privacy and security incident response, cyber insurance, data breach litigation trends and general cyber resilience.

As a leader in data privacy and security law and incident response, Carolyn was awarded the “Cyber Risk Industry Person of the Year – Attorney” award by Zywave in 2024 and named a Pennsylvania “Rising Star” by SuperLawyers in 2018 and 2019.

Prior to joining Mullen Coughlin, Carolyn was the Co-Chair of the Cybersecurity and Data Privacy Department at her previous firm. She previously clerked for the Honorable Joseph Rosa in the Superior Court of New Jersey and Honorable Richard Berman in the United State Court, Southern District of New York.

SPEAKING ENGAGEMENTS & PRESENTATIONS

  • “Living Through the Nightmare: A Cyber Incident Response Tabletop Exercise,” ClaimsXchange Annual Conference 2025, Philadelphia, PA, October 9, 2025
  • “What Happened to Doomsday,” Florida RIMS’ 2025 Educational Conference, Naples, FL, July 30, 2025
  • “Regulatory Environment – International, Federal, and State Breach & Privacy Laws,” ClaimsXchange 2025 Cyber Claims Academy, Chicago, IL, July 17, 2025
  • “Invest in the Expense: Implementing Cyber Coverage to Combat the Ever-Evolving Risk Landscape,” CLM Annual Conference 2025, Grapevine, TX, April 11, 2025
  • “Hot Cyber Data Breach and Privacy Litigation Issues,” 13th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 12, 2025
  • “Balancing Legal Caution With Effective Incident Response,” CyberLawCon, Arlington, VA, February 28, 2025
  • “Innovations & Insights: Cybersecurity Threats and Trends 2025,” 2025 AFSA Vehicle Finance Conference & Expo, New Orleans, LA, February 22, 2025
  • “2025 Claims & Losses Update,” 2025 NetDiligence Cyber Risk Summit, Miami Beach, FL, February 11, 2025
  • “Protecting Your Clients: A Guide to Cyber Insurance Essentials,” Law & Forensics, Virtual, January 20, 2025
  • “Bring Predictability to the Unpredictable: Reduce Spiraling Costs for Incident Response,” Intelligent Insurer, Virtual, November 19, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Valley Forge, PA, October 30, 2024
  • Loss Trends in Cyber Liability Insurance,” AM Best, Virtual, October 17, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Irvine, CA, October 10, 2024
  • “How Did Fraud Rise to the Top of Bank Risk for 2024?,” Bank Holding Company Association (BHCA) 2024 Fall Seminar, October 7, 2024
  • “2024 Claims & Losses Update,” 2024 NetDiligence Cyber Risk Summit, Philadelphia, PA, October 1, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Arlington, VA, September 24, 2024
  • “Living Through the Nightmare: An Interactive Exercise on a Cyber Incident,” Louisiana CFMA Construction Conference, New Orleans, LA, August 8, 2024
  • “Crisis Communications – Communicating with Law Enforcement, Customers, Clients, and Employees During a Breach,” ClaimsXchange 2024 Cyber Claims Academy, Chicago, IL, July 17, 2024
  • “Cyber Claims Overview — Ransomware, BEC, Etc.,” ClaimsXchange 2024 Cyber Claims Academy, Chicago, IL, July 17, 2024
  • “Regulatory Environment – International, Federal, and State Breach & Privacy Laws,” ClaimsXchange 2024 Cyber Claims Academy, Chicago, IL, July 17, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, St. Louis, MO, June 27, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Nashville, TN, June 6, 2024
  • “Optimize Cyber Resiliency and Security Operations,” Cohesity, Radnor, PA, June 5, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Tampa, FL, June 4, 2024
  • “Security Incidents: Learning From Mistakes,” RIMS RISKWORLD 2024, San Diego, CA, May 6, 2024
  • “Payments,” IST’s 24 in ’24: Doubling Down on the Ransomware Task Force Recommendations, Washington, DC, April 24, 2024
  • “Threat Evolution and Claims Complexity,” Zywave 2024 Cyber Risk Insights Conference, London, UK, April 18, 2024
  • “Electronic Excellence: Protecting the Digital Integrity of Settlements,” 2024 CLM Annual Conference, San Francisco, CA, April 4, 2024
  • “State of the Market,” 12th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 19, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Salt Lake City, UT, February 27, 2024
  • “Creating a Cyber Security Risk Mitigation Plan,” AgSafe Food & Farms ACTIVATE24, Monterey, CA, February 21, 2024
  • “Staying Ahead of the Curve in a Turbulent Cyber Market,” RIMS Atlanta 2024 Educational Conference, Atlanta, GA, February 2, 2024
  • “State of the Market,” Cyber Insurance Academy, Virtual, January 31, 2024
  • “Sleep Better at Night: Executing a Resilient Cyber Program,” American Financial Services Association (AFSA) Vehicle Finance Conference, Las Vegas, NV, January 31, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Kansas City, MO, October 20, 2023
  • “2023 Claims & Losses Update,” NetDiligence Cyber Risk Summit 2023, Beverely Hills, CA, October 17, 2023
  • Cyber Readiness: 5 Critical Steps for Your Organization,” Travelers Institute, Virtual, October 11, 2023
  • “1:1 with a Breach Coach, “AQ Cybersecurity Summit, Canton, MA, October 5, 2023
  • “State of the Market: The Loss Landscape,” Zywave 2023 Cyber Risk Insights Conference, New York, NY, September 27, 2023
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, San Ramon, CA, September 19, 2023
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Atlanta, GA, September 12, 2023
  • “Cyber Insurance 101: Handbook for Attorneys and Their Clients,” Law & Forensics, Virtual, August 23, 2023
  • “Cyber Third-Party Litigation,” 2023 CLM Claims College, Baltimore, MD, August 18, 2023
  • “Complex Coverage Issues: Aggregation, Excess and Reinsurance,” 2023 CLM Claims College, Baltimore, MD, August 17, 2023
  • “Anatomy of a Data Breach,” 2023 CLM Claims College, Baltimore, MD, August 17, 2023
  • “Claims Trends and Incident Response,” intouchLive Cybersecurity and Data Privacy Symposium, New York, NY, July 14, 2023
  • “Law Firm Hacks: The Ethical and Other Implications of a Data Security Incident at Your Firm,” American Bar Association (ABA) Tort Trial and Insurance Section (TIPS) Conference, New York, NY, May 3, 2023
  • “Social Engineering: What Is It? Should You be Worried About It? How Can You Mitigate Your Risk of an Incident?,” Brown & Brown Webinar, Virtual, April 26, 2023
  • “Managing Insurance Issues Before and After a Cyber-Attack,” Incident Response Forum Masterclass 2023, Virtual, April 20, 2023
  • “All About Claims,” Zywave Cyber Risk Insights Conference London 2023, London, UK, April 19, 2023
  • “Cyber, Confidentiality, and Compliance…Oh My!,” 2023 CLM Annual Conference, Tampa, FL, March 30, 2023
  • “State of the Market,” 11th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 21, 2023
  • “Cyber Liability Claims,” 2023 PLUS Cyber Symposium. New York, NY, February 14, 2023
  • “A Blended Perspective from Law, Insurance, IT & Security,” Cohesity and Presidio Best Practice Sharing Session, King of Prussia, PA, November 15, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Los Angeles, CA, October 13, 2022
  • “2022 Claims & Losses,” 2022 NetDiligence Cyber Risk Summit, Santa Monica, CA, October 11, 2022
  • “Cyber Event Tabletop Exercise,” 2022 CLM Claims College, Baltimore, MD, September 9, 2022
  • “Understanding Cyber Risks and Ransomware,” Louisiana CFMA Construction Conference, New Orleans, LA, August 4, 2022
  • “The Zero Trust Approach: A Comprehensive Guide on Leveling Up Your Cybersecurity Programs,” The Knowledge Group, Virtual, May 24, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Denver, CO, April 29, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Chicago, IL, April 27, 2022
  • “Incident Response: Cyber Insurance Issues,” Incident Response Forum Masterclass 2022, Virtual, April 21, 2022
  • “Proactive Preparation – Cybersecurity Frameworks and How They Help,” 10th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 22, 2022
  • Cyber Claims & Losses Updates,” 2022 NetDiligence Cyber Risk Summit, Fort Lauderdale, FL, January 31, 2022
  • “Cyber Claim Trends, Regulatory & Incident Response,” McGriff, Virtual, January 25, 2022
  • Ransomware and Cyber Insurance,” Incident Response Forum Ransomware 2022, Virtual, January 13, 2022
  • “Keeping Up With Cybersecurity Challenges,” Kroll’s Network of Women (NOW), Virtual, December 2, 2021
  • How Do We Really Solve Ransomware,” 2021 Advisen Cyber Risk Insights Conference, Virtual, October 20, 2021
  • State of the Cyber Market,” The Graham Company, Virtual, September 15, 2021
  • “Cyber Event Tabletop Exercise,” 2021 CLM Claims College, Baltimore, MD, September 10, 2021
  • “A Heavy (and Expensive) Burden: Managing Data in the Age of Data Privacy Legislation,” 2021 Annual CLM Conference, Atlanta, GA, August 12, 2021
  • “Preparation For, and Management Of, Catastrophic Cyber Events,” 9th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, May 12, 2021
  • “Cyber Law Update 2021,” Pennsylvania Bar Institute, Virtual, April 29, 2021
  • “Ransomware,” Olympia Insurance Spring Risk Conference, March 25, 2021
  • “Living Unapologetically,” WINCiyght, March 9, 2021
  • “Building Cyber Confidence,” S-RM, Virtual, February 18, 2021
  • “Ransomware: Where Do We Go From Here,” American Bar Association, February 12, 2021
  • “Cyber Insurance and the Legal Aspects Related to a Breach,” Miami Finance Forum CISO Roundtable, Virtual, February 11, 2021
  • “International Claims Management,” NetDiligence Conference, November 2020
  • “Ryuk, Maze, Sodinokibi, Conti…OH MY!,” Advisen, October 21, 2020
  • “Cybersecurity Tabletop,” Crittenden Medical Conference, October 2020
  • “Recent Cyber Updates,” Chubb Claims Review, June 2020
  • “Preparing, Responding and Recovering from a Cyber Incident,” The Knowledge Group, March 2020
  • “Understanding Cyber Risks and Ransomware,” Construction Financial Management Association, November 2019
  • “Anti-Hacking and Privacy Laws for Businesses: Rights and Remedies,” Knowledge Group, June 2019
  • “Electronic Discovery and Data Breaches,” NetDiligence, Junto News, August 27, 2019
  • “Cybersecurity Tabletop Exercise,” AICC Box Summit, August 2019
  • “Law Firms: Are They the Next Industry to Become a Cyber Breach Target?,” USI Affinity, 2018
  • “Cybersecurity Best Practices,” Dispute Resolution Institute, 2018
  • “Fighting the Cyber War: How to Protect Yourself and the Companies you Represent,” PA I Day, August 2018
  • “Cybersecurity: To Cloud or Not to Cloud,” USI Affinity, August 2018
  • “Claims: Cyber Intruders Target Insurance Legal Community,” AM Best, August 2018
  • “Cost of a Data Breach,” NetDiligence Conference, 2018
  • “Top Ten Practice Pointers for Dealing with Electronic Discovery,” HB Litigation, 2017

PUBLICATIONS

AWARDS & HONORS

  • Zywave “Cyber Risk Industry Person of the Year – Attorney” (2024)
  • Pennsylvania SuperLawyers “Rising Star” (2018, 2019)