Carolyn Purwin Ryan is a partner at Mullen Coughlin. She serves as breach counsel and provides third-party privacy defense legal services. She also aids clients in incident response planning, including tabletop exercises, assessment of regulatory compliance requirements and inquiries from regulators on both the state and federal levels. Ms. Ryan serves as a breach counsel to companies in various areas including healthcare institutions, construction companies, managed service providers, municipalities, professional services, retail, technology and financial institutions. She leads response investigations, guidance in governmental investigations, mitigation and restoration services. Ms. Ryan counsels clients on development of risk assessment policies, vendor agreement analysis and implementation of data privacy practices.

Prior to joining Mullen Coughlin, Ms. Ryan was the co-chair of the Cybersecurity and Data Privacy department at her previous firm. She also served as national counsel for several state and federal mass tort litigations representing manufacturers and distributors of pharmaceuticals, medical publishers, morcellators and various surgical devices. She previously clerked for the Honorable Joseph Rosa in the Superior Court of New Jersey and Honorable Richard Berman in the United State Court, Southern District of New York.

Carolyn was named a Pennsylvania “Rising Star” by Super Lawyers in 2018 and 2019.

SPEAKING ENGAGEMENTS & PRESENTATIONS

• “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Los Angeles, CA, October 13, 2022
• “2022 Claims & Losses,” 2022 NetDiligence Cyber Risk Summit, Santa Monica, CA, October 11, 2022
• “Cyber Event Tabletop Exercise,” 2022 CLM Claims College, Baltimore, MD, September 9, 2022
• “Understanding Cyber Risks and Ransomware,” Louisiana CFMA Construction Conference, New Orleans, LA, August 4, 2022
• “The Zero Trust Approach: A Comprehensive Guide on Leveling Up Your Cybersecurity Programs,” The Knowledge Group, Virtual, May 24, 2022
• “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Denver, CO, April 29, 2022
• “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Chicago, IL, April 27, 2022
• “Incident Response: Cyber Insurance Issues,” Incident Response Forum Masterclass 2022, Virtual, April 21, 2022
• “Proactive Preparation – Cybersecurity Frameworks and How They Help,” 10th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, March 22, 2022
• “Cyber Claims & Losses Updates,” 2022 NetDiligence Cyber Risk Summit, Fort Lauderdale, FL, January 31, 2022
• “Cyber Claim Trends, Regulatory & Incident Response,” McGriff, Virtual, January 25, 2022
• “Ransomware and Cyber Insurance,” Incident Response Forum Ransomware 2022, Virtual, January 13, 2022
• “Keeping Up With Cybersecurity Challenges,” Kroll’s Network of Women (NOW), Virtual, December 2, 2021
• “How Do We Really Solve Ransomware,” 2021 Advisen Cyber Risk Insights Conference, Virtual, October 20, 2021
• “State of the Cyber Market,” The Graham Company, Virtual, September 15, 2021
• “Cyber Event Tabletop Exercise,” 2021 CLM Claims College, Baltimore, MD, September 10, 2021
• “A Heavy (and Expensive) Burden: Managing Data in the Age of Data Privacy Legislation,” 2021 Annual CLM Conference, Atlanta, GA, August 12, 2021
• “Preparation For, and Management Of, Catastrophic Cyber Events,” 9th Annual Cyber Liability Insurance ExecuSummit, Uncasville, CT, May 12, 2021
• “Cyber Law Update 2021,” Pennsylvania Bar Institute, Virtual, April 29, 2021
• “Ransomware,” Olympia Insurance Spring Risk Conference, March 25, 2021
• “Living Unapologetically,” WINCiyght, March 9, 2021
• “Building Cyber Confidence,” S-RM, Virtual, February 18, 2021
• “Ransomware: Where Do We Go From Here,” American Bar Association, February 12, 2021
• “Cyber Insurance and the Legal Aspects Related to a Breach,” Miami Finance Forum CISO Roundtable, Virtual, February 11, 2021
• “International Claims Management,” NetDiligence Conference, November 2020
• “Ryuk, Maze, Sodinokibi, Conti…OH MY!,” Advisen, October 21, 2020
• “Cybersecurity Tabletop,” Crittenden Medical Conference, October 2020
• “Recent Cyber Updates,” Chubb Claims Review, June 2020
• “Preparing, Responding and Recovering from a Cyber Incident,” The Knowledge Group, March 2020
• “Understanding Cyber Risks and Ransomware,” Construction Financial Management Association, November 2019
• “Anti-Hacking and Privacy Laws for Businesses: Rights and Remedies,” Knowledge Group, June 2019
• “Electronic Discovery and Data Breaches,” NetDiligence, Junto News, August 27, 2019
• “Cybersecurity Tabletop Exercise,” AICC Box Summit, August 2019
• “Law Firms: Are They the Next Industry to Become a Cyber Breach Target?,” USI Affinity, 2018
• “Cybersecurity Best Practices,” Dispute Resolution Institute, 2018
• “Fighting the Cyber War: How to Protect Yourself and the Companies you Represent,” PA I Day, August 2018
• “Cybersecurity: To Cloud or Not to Cloud,” USI Affinity, August 2018
• “Claims: Cyber Intruders Target Insurance Legal Community,” AM Best, August 2018
• “Cost of a Data Breach,” NetDiligence Conference, 2018
• “Top Ten Practice Pointers for Dealing with Electronic Discovery,” HB Litigation, 2017

PUBLICATIONS

• “U.S. Department of Treasury Issues Updated Advisory on Facilitating Ransomware Payments,” September 24, 2021
• “NYS Department of Financial Services Issues ‘Cyber Insurance Risk Framework’,” American Bar Association’s Cybersecurity and Data Privacy Newsletter – Spring 2021, April 22, 2021 (Subscription Required)
• “U.S. Issues New Economic Sanctions Against Russia For Alleged Involvement in Government Hacking Activity,” April 22, 2021
• “NYS Department of Financial Services Issues ‘Cyber Insurance Risk Framework’,” February 24, 2021