Protecting your business in the age of cyber-crime

Cyber-crime has made many headlines recently and it is more important than ever to guard your business against this ever-evolving threat.

The potential consequences of a cyber-attack may include:

• the loss of trade secrets or intellectual property that could undermine competitive advantage
• the loss of customers and sales
• the loss or compromise of personal customer information or credit card data, carrying with it potential legal and regulatory issues and potential fines and penalties
• claims brought by customers for compensation for any losses alleged to have been suffered; and
• immediate brand and reputational damage.

Coupled with this is the fact that where directors have failed to protect their business from cyber risks to the same degree as other business risks, they could end up facing legal action for breach of fiduciary duty.

Organisations should therefore:

• establish a cyber risk management policy and ensure that this is part of the company’s governance framework
• undertake an initial risk assessment considering the amount and type of personally identifiable information, customer data and confidential corporate data maintained by the organisation and the manner in which the information is used, transmitted and stored
• ensure internet safety and network security
• provide training and increase user awareness
• establish an incident response and disaster recovery team and put in place a ‘tried and tested’ incident response plan. This should include lawyers who can be called upon to advise on potential risks and regulatory issues
• take out adequate insurance to protect the business against the particular risks and exposures it faces.

These policies should be regularly reviewed and a proactive approach is essential.

Nick is an associate, solicitor in our litigation and dispute resolution team and handles a wide variety of work for both commercial and private clients. This includes contractual disputes, landlord and tenant matters, property disputes and professional negligence claims. He is an accredited civil and commercial mediator.