This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

Freshfields Risk & Compliance

| 1 minute read

Your company’s been hacked - what now? Do you know what to do in a data crisis?

Awareness of and reaction to cyber threats is growing. Cyber security is increasingly a board issue, and regulators are increasingly expecting to see strong governance in relation to it.  ‎ 

Companies are grappling with what this means in practice, according to a straw poll of in-house lawyers this week. Two thirds wouldn’t feel confident explaining the split between legal and technical responsibilities for handling a hack, and did not know their role in their company's data crisis response plan.  Around half do not have, or do not know if they have, a Chief Information Security Officer to turn to in their organisation.  

Data protection is a key area of cyber risk, especially because the new European General Data Protection Regulation (GDPR) imposes much stricter requirements regarding how companies treat individuals’ data - including new breach notification requirements.  Getting it wrong (or inaction) could expose you to significant fines - up to 4% of worldwide annual turnover for the worst data privacy failings.  

As the saying goes: “in time of peace, prepare for war”. A checklist for in-house counsel includes:  

·        cyber governance; 

·        cyber strategy and policies; 

·

        an incident response plan and playbook; 

·        investigations procedures and resources to deploy when needed; 

·        readiness to deal with the regulators; 

·        knowing your contractual rights and obligations; and 

·

        plans to deal with litigation when the need arises.  

Please contact us to discuss what you/your company needs and how we can help you prepare.

The risk to business is "significant and growing", the National Crime Agency and National Cyber Security Centre say.

Tags

cyber security, cybersecurity, hack, data, data protection, data privacy