What general counsels need to do to prepare for a cyber breach

Published: June 19, 2019 12:17:13 AM

The data economy will further amplify the vulnerabilities of data, and expose businesses, governments and individual consumers to cyber threats.


By Shrikant Shitole

The last decade has spurred dramatic shifts in technology that have made the world a more connected and efficient digital realm. Businesses can now engage digitally with their stakeholders from across the world, at any time, across a bevy of screens. Remote workers and their personal devices in the modern enterprise expose critical data to threat actors. The data economy will further amplify the vulnerabilities of data, and expose businesses, governments and individual consumers to cyber threats.

In most large enterprises, especially publicly listed ones, the general counsel (GC) plays a key role in the management and is also the vital link between the company and the executive board. While the GC addresses myriad legal and business challenges, none of them will be as harrowing as dealing with a cyber attack.

The following are some key steps a GC can take to ensure their organisation is prepared for a cyber incident.

Connect: A strong partnership between the CISO and the GC is essential given today’s cyber landscape. It is important to know about the company’s data, how it is protected, where it is located and how it can be accessed, and what level of visibility the security team has into its IT assets.

Plan: Develop an incident response (IR) plan and identify the team needed to execute that plan. The response team may include the CEO, CISO, CMO, internal/external legal counsel, communications professionals and external incident responders/forensic specialists. It is necessary to examine the company’s contractual relationships with vendors that have access to sensitive information or data, to understand what cyber security measures and breach procedures are in place. It would be better to create a standard data security addendum that can be attached to vendor contracts and include risk allocation provisions that apply should the vendor be subject to a leak or breach.

Practice: Test the IR plan. Conduct tabletop crisis exercises and ensure that internal response team members and external experts are pre-identified and “on call.” In today’s mobile and social world, managing crisis response in a timely manner is critical. Note that there should always be takeaways from practice sessions—ways to refine and improve the overall process.

Protect: Establish and protect attorney-client privilege before (if possible) and at a minimum immediately after a breach by coordinating communications and incident response through the GC’s office.

Involve: Provide the Board with regular updates from the CISO. Fiduciary duties related to cyber security require Boards to meet a “reasonableness” standard akin to the business judgement rule.

Consider: Knowing the costs of a breach and evaluating the risk of a loss to the company may warrant the use of cyber insurance. A Cyber Insurance Risk Assessment provides a quick, high-level analysis of an organisation’s risk level.

Cyber security is a team sport. Developing and executing a strong IR plan requires cooperation between the GC and the CISO, and coordination across various internal groups such as finance and marketing, the C-Suite, senior executives, and outside specialists as well.

The writer is senior director & country head for India, FireEye
