Ericka Johnson has extensive experience responding to bet-the-company global and domestic cybersecurity incidents on behalf of clients across a variety of industries, including healthcare, education, insurance, manufacturing, financial institutions and law firms. She is a trusted advisor, helping clients understand and meet their legal obligations associated with experiencing ransomware attacks, business email compromises, data leakage, data exfiltration, insider attacks and third-party/vendor incidents.

Ericka regularly works with IT forensic firms to help her clients understand the nature and scope of their cybersecurity incident. She frequently interfaces with law enforcement and industry-specific regulators in the US and coordinates filings with, and responses to, inquiries from regulators around the world (i.e., the EU, South Pacific, Africa and Latin America).

Ericka prepares clients to respond to future incidents by conducting tabletop exercises and developing incident response plans. Following a cybersecurity incident, Ericka assisted the firm’s privacy litigation team, which was ranked second in 2022 among all law firms by Global Data Review, defend data privacy, cybersecurity and data breach disputes across the country, including class action and multidistrict litigation.

Ericka also counsels companies, government entities, and nonprofit organizations on the appropriate use of federal grants, particularly those issued under the Coronavirus Aid, Relief, and Economic Security Act (CARES), and further funded under the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSA) and the American Rescue Plan Act of 2021 (ARP). She frequently develops and implements effective compliance policies and strategies, conducts internal investigations, and responds to enforcement actions.

Prior to joining private practice, Ericka served for six years as a judge advocate in the US Marine Corps (USMC), where she specialized in, among other things, complex litigation and cybersecurity operations. She continues to serve as reserve general counsel to commanding officers in the Washington DC area.

While on active duty, Ericka was responsible for all facets of investigating and defending Marines accused of misdemeanor and felony violations of the Uniform Code of Military Justice. She represented clients accused of crimes in Jordan, Guantanamo Bay, Spain, Afghanistan, Japan, the Philippines and North America. Ericka litigated nine jury trials to full acquittals, including five major felony cases, more than 40 administrative hearings, and defended clients in more than 15 sentencing hearings. She conducted hundreds of witness interviews, prepared clients and witnesses for live testimony, pursued discovery and engaged in motions practice to challenge and limit the evidence used against her clients.

While serving in Afghanistan, Ericka authored the US and NATO “Use of Force” compliance policies and designed and implemented regionwide training programs for hundreds of NATO and US service members. As the primary legal advisor to NATO and US combat commands, she advised general officers on the legal ramifications and international/domestic legalities and policies for the planning and execution of more than 980 NATO- and US-led operations, including cybersecurity operations.

While serving at the Pentagon, Ericka helped develop and implement the USMC’s Master of Cyber Law Military Occupation Specialty program, which provides judge advocates with specialized skills in the technical areas of cybersecurity law and cyber operations.

Award Mouse thought multimedia interface book medal screen monitor
  • Responding to a ransomware attack experienced by a third-party vendor to a state department of health that resulted in the potential compromise of millions of records containing protected health information belonging to the state’s patients; appropriately notifying affected individuals and the Office of Civil Rights; effectively managing media inquiries; and litigating recovery of loss due to breach of contract and gross negligence of third-party vendor.
  • Responding to a ransomware attack at a national insurance company that resulted in the likely compromise of over 30,000 individuals in the US, including current and former employees and claimants; notifying individuals and responding to inquiries from more than 30 regulators, including states’ attorneys general and insurance commissioners; aiding in the return to business operations in a few weeks and communications to employees and brokers; and litigating recovery of loss due to gross negligence of pre-existing cybersecurity vendor.
  • Responding to a ransomware attack experienced by a publicly traded global mineral development company that affected operations in over 70 production and research locations in 35 countries; notifying regulators in over 15 countries and 17 states within the US; notifying over 30,000 individuals in 33 different countries, including Europe, Africa, North and South America, and the South Pacific regions; aiding in communications to employees globally in over 20 different languages; and meeting all legal obligations and proactively avoiding lawsuits.
  • Responding to a ransomware attack experienced by a US subsidiary of a publicly traded global microchip and technology company in Japan; notifying 13 regulators in the US, as well as approximately 1,500 current and former employees; coordinating notifications to over 400 potentially affected business partners; designing and executing the business partner communication plan, including developing an organizational email to centralize the response; conducting meetings with business partners; and meeting all legal obligations without any lawsuits or inquiries from regulators.
  • Responding to a ransomware attack of a private university; assuming the role as outside counsel after initial counsel was released by the client; responding to ongoing inquiries from the US Department of Education and its Office of the Inspector General; designing the communication plan for staff and students; notifying more than 30,000 individuals in over 33 states; conducting a cybersecurity risk assessment with the retained IT firm and meeting all legal obligations without any lawsuits or additional inquiries from regulators.
  • Conducting cybersecurity risk assessments for two US banks and a UK energy company, determining their cybersecurity maturity and associated possible liability and conducting tabletop exercises.


  • University of Wisconsin - Madison, J.D., 2011
  • University of California, Santa Barbara, B.A., 2008


  • District of Columbia, 2017
  • Wisconsin, 2011


  • U.S. Supreme Court
  • U.S. Court of Appeals for the Armed Forces

Clerk Experience

  • Wisconsin State Supreme Court
    Hon. Ann Walsh Bradley
    September 2010 - May 2011
  • Best Lawyers: Ones to Watch in America 2023, Criminal Defense: White-Collar

{{}} {{insights.type}} {{insights.contentTypeTag}}
{{blog.title}} {{blog.source}}

Recent Publications

Recent Speaking Engagements

  • Co-presenter, “Defending the Privilege of a Forensic Report,” webinar, Federal Bar Association, January 2023.
  • Panelist, “Best Practices to Defend Work-Product Status and Attorney-Client Privilege of Forensic Reports,” CLE presented by America Bar Association and myLawCLE, January 18, 2023.
  • Panelist, “Ensuring your Organization is Prepared to Meet the Current Cybersecurity Regulatory Environment,” The Privacy+Security Academy Conference hosted in Washington DC, November 4, 2022.
  • Speaker, “Data Breaches and Privacy Trends,” 2022 PACE ACX conference hosted in Nashville, Tennessee, October 11, 2022.
  • Speaker for CLE Course, "Cybersecurity Threats to National Security: The Biden Administration’s Response," hosted by Quimbee, September 23, 2022.
  • Panelist, “The Value of Regular Independent Cybersecurity Compliance Assessments,” webinar hosted by the Association of Corporate Counsel, April 27, 2022.
  • Panelist, “Overview of the Biden Administration’s Response to the Ever-Growing Cyber Threat to National Security,” The Masters Conference hosted in Washington DC, April 20, 2022.
  • Speaker, “Defending Work Product Status and Attorney-Client Privilege of Forensic Reports,” webinar hosted by Lawline, January 11, 2022.
  • Panelist,: “Compliance and the CARES Act: Challenges and Opportunities”, Global Compliance Forum Virtual Series webinar hosted by Squire Patton Boggs, November 5, 2020.
  • Panelist, “Best Practices for a Newly Remote Workforce,” webinar hosted by Squire Patton Boggs, May 11, 2020.
  • Panelist, “Ransomware Attacks: An Introduction to Tabletop Exercises,” DC BAR eDiscovery & Information Governance Community, Washington DC, January 23, 2020.
  • Panelist, “Cybersecurity: Is Your Discovery Secure? The Truth Is Out There,” The Master’s Conference, Washington DC, October 28, 2019.
Award Mouse thought multimedia interface book medal screen monitor