Brian Finch has developed a comprehensive cybersecurity practice that blends his technical and legal skills with an enviable familiarity with the government’s processes.
—Dave DeWalt, Chairman of Claroty, former CEO of FireEye

Brian Finch, a Pillsbury Public Policy partner with extensive regulatory and government affairs advocacy experience, is a recognized authority on global security and cybersecurity threats. He co-leads Pillsbury’s COVID-19 Response team, providing clients with real-time guidance on the implications of the rapidly evolving epidemic.

Based in Washington, DC, Brian provides strategic legal counsel to companies from nearly every industry regarding regulatory issues, cyberattacks, national defense and intelligence policies, and homeland security concerns. He has helped more than 150 clients take advantage of SAFETY Act liability protections following terrorist or cyberattacks and has testified before the U.S. Congress regarding the Act’s provisions. Brian advises on risk mitigation tactics, minimizing post-event negative consequences, and litigation strategies. He has also worked with the Departments of Defense and Health and Human Services on a variety of emergency medical preparedness matters, including weapons of mass destruction (WMD) and pandemic preparedness/response issues.

Representative Experience

  • Advised and advocated on behalf of a leading cybersecurity company providing real-time threat protection for global enterprises and governments regarding legislative defense authorization and related appropriations.
  • Advocated for the American Gas Association, American Public Power Association, National Rural Electric Cooperative Association, and others regarding federal cybersecurity solutions to help reduce liability for exposure to cyberattacks.
  • Represents automobile manufacturers in the development of cybersecurity best practices.

Professional Highlights

  • “Cybersecurity Obligations for Attorneys: Confidential Information in the Age of Cyber Crime.” Practising Law Institute Treatise. June 21, 2023.
  • Recognized by Chambers USA in Government: Government Relations, by The Legal 500 U.S. in its Cybercrime and the Data Protection and Privacy categories and by Law360 as a “Rising Star” in Privacy Law.
  • Received the 2015 Distinguished Legal Writing Award from The Burton Awards.

View More

  • Serves as a senior fellow with The George Washington University Center for Cyber and Homeland Security.
  • Visiting legal fellow, The Heritage Foundation, Washington, DC.
  • Former senior fellow with The George Washington University Center for Cyber and Homeland Security.
  • Honors & Awards
    • Legal 500 U.S., Cyber Law (2017 – 2019)
    • Legal 500 U.S., Government Relations (2017 – 2019, 2023)
    • National Law Journal DC Rising Stars, 2014
    • Washingtonian 40 Lobbyists Under 40, March 2011
  • Speaking Engagements, Webinars and Publications
    • Navigating the SEC’s New Cybersecurity Disclosure Regime,” The Review of Securities & Commodities Regulation, February 21, 2024.
    • “Legal risks associated with insecure software development practices,” Summit on Software Assurance and Supply Chain Security for ISVs, February 21, 2024.
    • “Implications of New Securities and Exchange Cybersecurity Reporting Requirements, and what that may mean for the CIO/CISO,” Edison Electric Institute Security & Technology EAC Meeting, November 30, 2023.
    • “Power Grids and Points of Vulnerability: Keeping the Lights on Amid Cybersecurity Concerns,” Pratt’s Privacy & Cybersecurity Law Report, October 2023.
    • “A Dangerous Web: Potential Pitfalls Associated with Using Social Media, AI, Facial Recognition, and Other Tech for Stadium Security,” National Sports Safety and Security Conference & Exhibition, June 28, 2023.
    • “Limiting Cyberattack Liability Protection through the SAFETY Act,” AdvaMed Cybersecurity Summit, December 12 & 13, 2022.
    • “Cybersecurity Issues and Rules for Sports and Entertainment Venues,” National Sports Safety and Security Conference & Exhibition, June 29, 2022.
    • “The Trouble With Facial Recognition Doesn’t Justify a Ban,” Wall Street Journal, December 15, 2020.
    • “The PREP Act and Liability Protection in the Age of Coronavirus,” Practising Law Institute Webinar, April 28, 2020.
    • “Episode #2: Social Engineering and the Escalations of Cyber Scams,” The Pillsbury Industry Insights Podcast, April 23, 2020.
    • “Gas and Cybersecurity—What do State Regulators Need to Know?” NARUC Winter Policy Summit, February 10, 2020.
    • “Limiting Cyber Liability through the SAFETY ACT,” American Gas Association Webinar, January 9, 2020.
    • “The SAFETY Act and the MGM Lawsuit,” ASIS Greater Kansas City October 2019 Chapter Breakfast, October 23, 2019.
    • “Using the SAFETY Act to Demonstrate ‘Reasonable’ Cybersecurity Plans to Regulators,” Practising Law Institute Webcast, September 19, 2019.
    • “The SAFETY Act and the MGM Lawsuit,” Global Security Exchange Conference 2019, September 10 – 11, 2019.
    • Cybersecurity, Privacy & Data Breaches, Panelist, Government Affairs Industry Network’s Policy Disruption in Fintech & Investment Services series, July 17, 2019.
    • “You Have Been Hacked: Now What?” 45th Annual TBA Bankers Legal Conference, April 4, 2019.
    • “Watching the Watchers: GDPR, California Consumer Privacy Act and Cybersecurity Vendors” Practising Law Institute Webcast, April 1, 2019.
    • How to Balance the Cost of Compliance,” Boston CISO Executive Summit, November 6, 2018.
    • “The American Arsenal Is Vulnerable to Cyberattacks: U.S. Firepower Could Be Crippled by Software Flaws. The Pentagon Has Been Slow to Respond.,” The Wall Street Journal: Opinion, October 15, 2018.
    • How Does The SAFETY Act Work For Me? A Four-Part Series Webinar, May 2018.
    • “Credible Risks and Credible Risk Management: Using the SAFETY Act to Manage Claims Following Realistic Physical and Cybersecurity Events,” PLI Current: The Journal of PLI Press, Vol. 2, No. 2. Spring 2018.
    • “Big Data As a Threat? An Alternative Approach to Cybersecurity,” Webinar, February 11, 2015.
    • “Crisis Management: Dealing with a Cyberattack,” Presentation to the American Petroleum Institute, Fall Law Committee Meeting, October 3, 2014, Washington, DC.
    • “Cyber Liability Preparedness for Asset Managers,” Webinar, July 17, 2014.
    • Information Security Issues, Practising Law Institute Financial Services IT 2014: Avoidance of Risk Seminar, May 21, 2014.
    • “Cybersecurity: Progress and Challenges to Keep Your Co-Op Safe,” National Rural Electric Cooperative Association Legal Seminar 54, May 20 – 21, 2014
    • “Cultivating Ethics: Mitigation Vulnerability to Cyber and Data Security Threats in Order to Maintain Client Confidentiality,” Virtual LegalTech, May 15, 2014.
    • “Insight on Cybersecurity Strategies, Cybersecurity and Countering Corporate Espionage Symposium,” May 1, 2014.
    • “Surviving the Cyber Tsunami: Cybersecurity Worries and Opportunities for Security Contractors,” 2014 Security Industry Association Education@International Security Conference and Exposition West, April 2, 2014.
  • Associations
    • Homeland Security and Defense Council, senior advisor
    • National Center for Spectator Sports Safety and Security, advisory board member
    • George Washington University’s Homeland Security Policy Institute, inaugural senior fellow
    • The George Washington University Law School, professorial lecturer

Education

  • J.D., The George Washington University Law School, 1999

    M.A., The George Washington University, 1999

    B.S., Cornell University, 1996

Admissions

  • District of Columbia

Courts

  • U.S. Court of Appeals for the Fourth Circuit