Cybersecurity
Patrick Burke’s cybersecurity career began in 2009 as European counsel for a U.S. software company developing enterprise-wide security solutions. Working with EU regulators, works councils, and corporate leaders, he helped craft monitoring frameworks that balanced threat detection with employee privacy. In the 2010s, he advised clients at Reed Smith and Seyfarth Shaw while writing and teaching on emerging cybersecurity laws and standards.
Appointed Deputy Superintendent at the New York State Department of Financial Services in 2018, Burke launched its first IT examination team focused on DFS’s leading cybersecurity regulations, 23 NYCRR 500. He led breach investigations and oversaw cybersecurity reviews of cryptocurrency exchanges and Bitcoin ATMs. He advises DFS-licensed and chartered companies on cybersecurity compliance.
He has since advised major financial, advertising, insurance, airline, manufacturing, and pharmaceutical clients before serving as Chief Data & Privacy Officer for a leading adtech agency, where he built and implemented comprehensive incident response and business continuity programs.
Cybersecurity Compliance
Corporate boards and executives now face expanding cybersecurity obligations—including personal accountability under U.S. and state regulations, not to mention client- and insurer-imposed obligations.
Patrick Burke understands how regulators are likely to interpret these rules—because he helped enforce them. As a former Deputy Superintendent of DFS, he oversaw the IT examination teams that assessed financial institutions for compliance with the first-in-the-nation DFS Cybersecurity Regulation which sets the national standard. Burke brings that insider perspective to help organizations prepare for scrutiny, strengthen governance, and demonstrate a culture of compliance.
While a particular company may not be subject to DFS’s Cybersecurity Regulation, he serves as an adept counselor and architect with other regulatory regimes, including SEC’s Cybersecurity Disclosure Rule, the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and HIPAA’s Security Rule. We also guide clients through technical frameworks such as the NIST Cybersecurity Framework, SANS, ISO/IEC 27001, NIST 800-53 and industry-specific mandates like PCI-DSS.
Our services include drafting and updating security policies, leading tabletop breach exercises, advising on vendor risk management, and preparing board presentations that withstand regulatory scrutiny.
Cybersecurity Incident Response
When a cyberattack or data breach occurs, time is critical. Burke helps organizations prepare and respond with speed, precision, and legal insight. We build and test incident response plans aligned with the NIST Cybersecurity Framework and ISO/IEC 27035 (Incident Management), and conduct tabletop simulations to assess readiness.
In the heat of an incident, we often serve as outside counsel, coordinate with forensic experts, law enforcement, insurers, and regulators while guiding clients through notification duties under GDPR, CCPA, HIPAA, and state breach statutes. In this capacity, Burke’s prior service in government serves as an advantage in outreach to government regulators, insurers, clients and other affected stakeholders. Our work minimizes liability, protects reputation, and demonstrates compliance.
Afterward, we conduct post-incident reviews, close gaps, and advise boards on remediation strategies—transforming crisis into opportunity to build stronger, more resilient cyber defense.