Every CISO needs access to skilled legal counsel, a trusted advisor who can address the challenge of protecting enterprise and customer data as well as complying with an ever-growing maze of international industry and government mandates. Finding an  attorney who understands the serious issues CISOs face can be a formidable task. Only a relative handful are knowledgeable in technology, security and privacy issues.

That’s a good reason for CISOs to participate in the hiring of a general counsel (GC). The following five questions will help CISOs cut through the candidate crowd and find the legal counsel who’s best equipped to help your organization and its customers and business partners stay safe and secure.

1. How will you respond to our call for help?

Time is of the essence when a breach occurs. For most enterprises, the cost created by mismanaging legal risks far outweighs the expense of technical fixes and recovering lost systems. “Having an experienced law firm on retainer and preparing for an incident response in advance is critical,” says Leo Taddeo, CISO at data colocation provider Cyxtera.

It’s particularly important to determine who will make the key decisions in the minutes and hours after a breach begins. If no management representatives are immediately available, will the attorney be empowered to take the actions necessary to protect critical enterprise resources?