Awareness of and reaction to cyber threats is growing. Cyber security is increasingly a board issue, and regulators are increasingly expecting to see strong governance in relation to it.  ‎ 

Companies are grappling with what this means in practice, according to a straw poll of in-house lawyers this week. Two thirds wouldn’t feel confident explaining the split between legal and technical responsibilities for handling a hack, and did not know their role in their company's data crisis response plan.  Around half do not have, or do not know if they have, a Chief Information Security Officer to turn to in their organisation.  

Data protection is a key area of cyber risk, especially because the new European General Data Protection Regulation (GDPR) imposes much stricter requirements regarding how companies treat individuals’ data - including new breach notification requirements.  Getting it wrong (or inaction) could expose you to significant fines - up to 4% of worldwide annual turnover for the worst data privacy failings.  

As the saying goes: “in time of peace, prepare for war”. A checklist for in-house counsel includes:  

·        cyber governance; 

·        cyber strategy and policies; 

·        an incident response plan and playbook; 

·        investigations procedures and resources to deploy when needed; 

·        readiness to deal with the regulators; 

·        knowing your contractual rights and obligations; and 

·        plans to deal with litigation when the need arises.  

Please contact us to discuss what you/your company needs and how we can help you prepare.