Craig S. Horbus

Partner

Craig S. Horbus headshot

My service areas

These are the practice areas that shape the core of my work.

Industries I serve

Explore the industries where I help clients navigate opportunities and challenges.

Download my bio

Craig is a highly regarded cybersecurity attorney and corporate counselor with a reputation for navigating complex legal landscapes and safeguarding businesses in an era of digital transformation. With 20+ years of experience in the legal and technology sectors, Craig stands at the forefront of cybersecurity law, providing unparalleled expertise to clients in managing risk, ensuring compliance, and addressing emerging threats. Craig is known for his comprehensive understanding of both the legal implications and technical aspects of cybersecurity, which enables him to offer strategic counsel on a wide range of issues, from data protection and incident response to regulatory compliance and litigation. His certifications demonstrate his knowledge, skillset and ability to perform his job, validating his expertise and credibility.

Craig’s practice has evolved to include acting as counsel to companies through some of the most sophisticated data breaches, including ransomware, malware, hacking, and phishing attacks. These high-stakes matters often require him to work closely with various law enforcement agencies, including the FBI and the Department of Homeland Security, to manage and mitigate the impact of such incidents.

In addition to his work in cybersecurity, Craig has substantial experience representing companies of all sizes, including serving as outside general counsel. He assists organizations in navigating a full spectrum of corporate and operational issues, from mergers and acquisitions to intellectual property and corporate governance. Craig’s ability to integrate legal insight with practical business solutions has made him a trusted advisor to many companies and startups alike.

Credentials

Education

Cleveland-Marshall College of Law (J.D., 2004)

Temple University (2002)

Baldwin-Wallace College (B.A., cum laude, 2001)

Bar admissions

  • Ohio
  • Florida

Court admissions

  • U.S. District Court for the Northern District of Ohio
  • U.S. District Court for the Southern District of Ohio
  • U.S. District Court for the Southern District of Florida

Affiliations and memberships

  • International Association of Privacy Professionals (2024-Present)
  • Leadership Ohio (2025)
  • Akron Bar Association, Member
  • Akron Bar Association Foundation, Fellow
  • Federal Bar Association, Member
  • Torchbearers Alumni Board, Member
  • Ohio State Bar Association, Member (2004-Present)
  • Florida State Bar Association, Member (2005-Present)

Distinctions

  • Best Lawyers in America®
    • Mergers and Acquisitions (2024)
    • Corporate (2024)

Certifications

  • Certified Information Privacy Professional (CIPP)
  • Law Enforcement Ohio Automated Data System (LEADS)
  • Criminal Justice Information Services (CJIS)
Career Highlights

  • Represented Client in Business Email Compromise Event

    Acted as breach counsel for a 200 year old non-profit organization who was targeted by a business email compromise. A threat actor posed as a known vendor and sent fraudulent wire transfer instructions via e-mail. Dinsmore swiftly acted to file an IC3 with the FBI and requested a financial fraud kill chain which resulted in a full recovery of the fraudulent transfer.

  • Represented Client in Digital Forensics Investigations

    Acted as breach counsel for a major nationwide mortgage lender which required digital forensics investigations involving over 30 states.

  • Defended Government Agencies in Charles Littlejohn Breach

    Acted as breach counsel for multiple government agency clients that received notice letters that their information had been improperly accessed by an IRS employee. This incident, part of the Charles Littlejohn Breach, involved Charles Littlejohn, who stole tax return data of thousands of high-net-worth individuals and related entities between 2018 and 2020. He provided the stolen information to a journalism organization and other outlets. Littlejohn pled guilty to unauthorized disclosure of tax returns and was sentenced to five years in prison in January 2024.

  • Advised Client in Unauthorized Email Access

    Our firm jumped in when a major privately-owned US energy company was notified that an employee email account of a third party service vendor had been subject to unauthorized access for a period of a week due to a phishing scheme. The unauthorized access exposed energy company PII for thousands and required notice obligations around the country.

  • Advised Client in Fraudulent Transfer that started with Phishing Attack

    Acted as breach counsel for a leading energy production company that was targeted by a phishing attack using a fraudulent vendor domain. The threat actor gained access to an employee’s e-mail, created rules to conceal communications, and diverted over $2 million to a fraudulent account. Dinsmore swiftly acted to file an IC3 with the FBI and requested a financial fraud kill chain which resulted in a full recovery of the fraudulent transfer.

  • Represented Client in Business Email Compromise Event

    Acted as breach counsel for an entertainment company, operating since 1919, who was targeted by a business email compromise. A threat actor posed as a known vendor and sent fraudulent wire transfer instructions via e-mail. Dinsmore swiftly acted to file an IC3 with the FBI and requested a financial fraud kill chain which resulted in a full recovery of the fraudulent transfer.

  • Defense of Ransomware Incident for Multi-State Company

    Acted as breach counsel for a multi-state medical service company involved in a ransomware incident. Our client was diligent in identifying unusual behavior, including the presence of encrypted files within their network environment and quickly notified Dinsmore to assist and navigate them through the attack. The incident exposed thousands and required notice obligations around the country.

  • Counseled Healthcare Technology Client in Breach Incident

    Acted as breach counsel for a healthcare technology company that disclosed enterprise-wide connectivity issues and service application interruptions, attributing them to the ALPHV/Blackcat ransomware as a service (Raas) threat actor. This incident affected healthcare provider customers across the United States.

  • Served as Counsel for Cybersecurity Incident

    Acted as breach counsel for a major nationwide mortgage lender during a cybersecurity incident involving compromised employee email accounts.

Publications
  • August 25, 2025

    Making Your Business Cyber Secure

    Read more
  • June 21, 2024

    Artificial Intelligence – Banking on our Future: How Will AI Impact Community Banks and Who is Willing to Lead the Charge?

    Read more
  • April 4, 2024

    National Security of Data? U.S. Government Issues Executive Order Aimed at Protecting Americans’ Personal Data: How Does New Cyber Security Executive Order Affect Your Business?

    Read more
  • March 15, 2024

    FTC Hosts Eighth Annual PrivacyCon: What Can Businesses Expect in 2024?

    Read more
  • March 12, 2024

    Still on Top: Cybersecurity Incidents Ranked #1 Global Business Threat in 2024

    Read more
  • March 7, 2024

    Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack

    Read more
News
  • December 11, 2025

    Dinsmore Named NetDiligence® Breach Coach® Law Firm

    Read more
  • September 22, 2025

    Cybersecurity Attorneys Explain Florida’s Data Breach Notification Rules

    Read more
  • August 21, 2025

    260 Dinsmore Attorneys Listed as 2026 Best Lawyers®, Ones to Watch

    Read more
  • December 31, 2024

    Dinsmore Supports Cybersecurity Breach Response in Major 2024 Incidents

    Read more
  • August 15, 2024

    250+ Dinsmore Attorneys Named 2025 Best Lawyers ®, Ones to Watch

    Read more
Events
  • October 29, 2024

    Dinsmore Webinar: Don’t Be the Next Change Healthcare

    Read more
  • April 18, 2024

    Cybersecurity & Privacy Protection Conference 2024

    Read more
  • April 9, 2024

    Business Technology AI Forecast

    Read more