Carolyn Purwin Ryan

426 W. Lancaster Avenue, Suite 200
Devon, PA 19333

Office: (267) 930-6836


Villanova University School of Law
Master of Law, Taxation

Villanova University School of Law
Juris Doctor

Georgetown University
Bachelor of Science, Health Studies


  • Pennsylvania
  • U.S. District Court for the Eastern District of Pennsylvania
  • U.S. District Court for the Middle District of Pennsylvania
  • U.S. District Court for the Western District of Pennsylvania
  • New Jersey
  • U.S. District Court for the District of New Jersey
  • U.S. Tax Court

Practice Areas

Professional Memberships

  • American Bar Association (ABA) – Vice-Chair, Tort Trial & Insurance Practice Section’s (TIPS) “Cybersecurity and Data Privacy General Committee”
  • American Health Lawyers Association (AHLA)
  • Defense Research Institute (DRI)
  • Pennsylvania Bar Association (PBA)

Carolyn Purwin Ryan is a Partner at Mullen Coughlin. She serves as breach counsel and provides third-party privacy defense legal services. She also aids clients in incident response planning, including tabletop exercises, assessment of regulatory compliance requirements and inquiries from regulators on both the state and federal levels. Ms. Ryan serves as a breach counsel to companies in various areas including healthcare institutions, construction companies, managed service providers, municipalities, professional services, retail, technology and financial institutions. She leads response investigations, guidance in governmental investigations, mitigation and restoration services. Ms. Ryan counsels clients on development of risk assessment policies, vendor agreement analysis and implementation of data privacy practices.

Prior to joining Mullen Coughlin, Ms. Ryan was the co-chair of the Cybersecurity and Data Privacy department at her previous firm. She also served as national counsel for several state and federal mass tort litigations representing manufacturers and distributors of pharmaceuticals, medical publishers, morcellators and various surgical devices. She previously clerked for the Honorable Joseph Rosa in the Superior Court of New Jersey and Honorable Richard Berman in the United State Court, Southern District of New York.

Carolyn was named a Pennsylvania “Rising Star” by Super Lawyers in 2018 and 2019.


  • “Security Incidents: Learning From Mistakes,” RIMS RISKWORLD 2024, San Diego, CA, May 6, 2024
  • “Payments,” IST’s 24 in ’24: Doubling Down on the Ransomware Task Force Recommendations, Washington, DC, April 24, 2024
  • “Threat Evolution and Claims Complexity,” Zywave 2024 Cyber Risk Insights Conference, London, UK, April 18, 2024
  • “Electronic Excellence: Protecting the Digital Integrity of Settlements,” 2024 CLM Annual Conference, San Francisco, CA, April 4, 2024
  • “State of the Market,” 12th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 19, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Salt Lake City, UT, February 27, 2024
  • “Creating a Cyber Security Risk Mitigation Plan,” AgSafe Food & Farms ACTIVATE24, Monterey, CA, February 21, 2024
  • “Staying Ahead of the Curve in a Turbulent Cyber Market,” RIMS Atlanta 2024 Educational Conference, Atlanta, GA, February 2, 2024
  • “State of the Market,” Cyber Insurance Academy, Virtual, January 31, 2024
  • “Sleep Better at Night: Executing a Resilient Cyber Program,” American Financial Services Association (AFSA) Vehicle Finance Conference, Las Vegas, NV, January 31, 2024
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Kansas City, MO, October 20, 2023
  • “2023 Claims & Losses Update,” NetDiligence Cyber Risk Summit 2023, Beverely Hills, CA, October 17, 2023
  • “Cyber Readiness: 5 Critical Steps for Your Organization,” Travelers Institute, Virtual, October 11, 2023
  • “1:1 with a Breach Coach, “AQ Cybersecurity Summit, Canton, MA, October 5, 2023
  • “State of the Market: The Loss Landscape,” Zywave 2023 Cyber Risk Insights Conference, New York, NY, September 27, 2023
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, San Ramon, CA, September 19, 2023
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Atlanta, GA, September 12, 2023
  • “Cyber Insurance 101: Handbook for Attorneys and Their Clients,” Law & Forensics, Virtual, August 23, 2023
  • “Cyber Third-Party Litigation,” 2023 CLM Claims College, Baltimore, MD, August 18, 2023
  • “Complex Coverage Issues: Aggregation, Excess and Reinsurance,” 2023 CLM Claims College, Baltimore, MD, August 17, 2023
  • “Anatomy of a Data Breach,” 2023 CLM Claims College, Baltimore, MD, August 17, 2023
  • “Claims Trends and Incident Response,” intouchLive Cybersecurity and Data Privacy Symposium, New York, NY, July 14, 2023
  • “Law Firm Hacks: The Ethical and Other Implications of a Data Security Incident at Your Firm,” American Bar Association (ABA) Tort Trial and Insurance Section (TIPS) Conference, New York, NY, May 3, 2023
  • “Social Engineering: What Is It? Should You be Worried About It? How Can You Mitigate Your Risk of an Incident?,” Brown & Brown Webinar, Virtual, April 26, 2023
  • “Managing Insurance Issues Before and After a Cyber-Attack,” Incident Response Forum Masterclass 2023, Virtual, April 20, 2023
  • “All About Claims,” Zywave Cyber Risk Insights Conference London 2023, London, UK, April 19, 2023
  • “Cyber, Confidentiality, and Compliance…Oh My!,” 2023 CLM Annual Conference, Tampa, FL, March 30, 2023
  • “State of the Market,” 11th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 21, 2023
  • “Cyber Liability Claims,” 2023 PLUS Cyber Symposium. New York, NY, February 14, 2023
  • “A Blended Perspective from Law, Insurance, IT & Security,” Cohesity and Presidio Best Practice Sharing Session, King of Prussia, PA, November 15, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Los Angeles, CA, October 13, 2022
  • “2022 Claims & Losses,” 2022 NetDiligence Cyber Risk Summit, Santa Monica, CA, October 11, 2022
  • “Cyber Event Tabletop Exercise,” 2022 CLM Claims College, Baltimore, MD, September 9, 2022
  • “Understanding Cyber Risks and Ransomware,” Louisiana CFMA Construction Conference, New Orleans, LA, August 4, 2022
  • “The Zero Trust Approach: A Comprehensive Guide on Leveling Up Your Cybersecurity Programs,” The Knowledge Group, Virtual, May 24, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Denver, CO, April 29, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Chicago, IL, April 27, 2022
  • “Incident Response: Cyber Insurance Issues,” Incident Response Forum Masterclass 2022, Virtual, April 21, 2022
  • “Proactive Preparation – Cybersecurity Frameworks and How They Help,” 10th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 22, 2022
  • Cyber Claims & Losses Updates,” 2022 NetDiligence Cyber Risk Summit, Fort Lauderdale, FL, January 31, 2022
  • “Cyber Claim Trends, Regulatory & Incident Response,” McGriff, Virtual, January 25, 2022
  • Ransomware and Cyber Insurance,” Incident Response Forum Ransomware 2022, Virtual, January 13, 2022
  • “Keeping Up With Cybersecurity Challenges,” Kroll’s Network of Women (NOW), Virtual, December 2, 2021
  • How Do We Really Solve Ransomware,” 2021 Advisen Cyber Risk Insights Conference, Virtual, October 20, 2021
  • State of the Cyber Market,” The Graham Company, Virtual, September 15, 2021
  • “Cyber Event Tabletop Exercise,” 2021 CLM Claims College, Baltimore, MD, September 10, 2021
  • “A Heavy (and Expensive) Burden: Managing Data in the Age of Data Privacy Legislation,” 2021 Annual CLM Conference, Atlanta, GA, August 12, 2021
  • “Preparation For, and Management Of, Catastrophic Cyber Events,” 9th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, May 12, 2021
  • “Cyber Law Update 2021,” Pennsylvania Bar Institute, Virtual, April 29, 2021
  • “Ransomware,” Olympia Insurance Spring Risk Conference, March 25, 2021
  • “Living Unapologetically,” WINCiyght, March 9, 2021
  • “Building Cyber Confidence,” S-RM, Virtual, February 18, 2021
  • “Ransomware: Where Do We Go From Here,” American Bar Association, February 12, 2021
  • “Cyber Insurance and the Legal Aspects Related to a Breach,” Miami Finance Forum CISO Roundtable, Virtual, February 11, 2021
  • “International Claims Management,” NetDiligence Conference, November 2020
  • “Ryuk, Maze, Sodinokibi, Conti…OH MY!,” Advisen, October 21, 2020
  • “Cybersecurity Tabletop,” Crittenden Medical Conference, October 2020
  • “Recent Cyber Updates,” Chubb Claims Review, June 2020
  • “Preparing, Responding and Recovering from a Cyber Incident,” The Knowledge Group, March 2020
  • “Understanding Cyber Risks and Ransomware,” Construction Financial Management Association, November 2019
  • “Anti-Hacking and Privacy Laws for Businesses: Rights and Remedies,” Knowledge Group, June 2019
  • “Electronic Discovery and Data Breaches,” NetDiligence, Junto News, August 27, 2019
  • “Cybersecurity Tabletop Exercise,” AICC Box Summit, August 2019
  • “Law Firms: Are They the Next Industry to Become a Cyber Breach Target?,” USI Affinity, 2018
  • “Cybersecurity Best Practices,” Dispute Resolution Institute, 2018
  • “Fighting the Cyber War: How to Protect Yourself and the Companies you Represent,” PA I Day, August 2018
  • “Cybersecurity: To Cloud or Not to Cloud,” USI Affinity, August 2018
  • “Claims: Cyber Intruders Target Insurance Legal Community,” AM Best, August 2018
  • “Cost of a Data Breach,” NetDiligence Conference, 2018
  • “Top Ten Practice Pointers for Dealing with Electronic Discovery,” HB Litigation, 2017