Lauren D. Godfrey of Constangy Brooks Smith & Prophete. Courtesy photo For organizations responding to a cybersecurity incident, the immediate focus is often on containment, eradication and recovery. However, state attorneys general increasingly view delayed breach notification as a distinct compliance failure that can result in regulatory scrutiny, enforcement actions, civil penalties and costly settlement obligations.