Our Co-Founder and Chief Marketing Officer, Sacha Kirk, recently moderated a virtual fireside chat with Cyber Security Global Legal Counsel at Accenture Security, Annie Haggar. During the discussion, Ms Haggar shared insights regarding some of the challenges of working in cyber security law, and how General Counsels and in-house legal teams can effectively respond to these challenges.
In this article, we examine some of these insights.
To begin, it is worthwhile examining the current cyber security landscape in Australia. The most recent ACSC Annual Cyber Threat Report, released in June 2020, revealed that cyber crime has become one of the most pervasive threats facing Australia, with the frequency, scale and sophistication of malicious cyber activity increasing significantly over the past 12 months. Within the increase in cyber crime, phishing, spear phishing and ransomware are among the most commonly used methods, and also present the most significant threats to business and government operations. To that effect, the cyber threat landscape has intensified, and General Counsel (GC) and in-house lawyers have had to collaboratively devise cyber security strategies to safeguard their organisations.
Annie Haggar spoke of these changes and shared some methods through which GCs and in-house counsel can transform their approach to cyber security.
“Certainly, speed of change is the key one… it is changing hour by hour” – Annie Haggar
A key challenge for GCs and legal practitioners working in cyber security law is the speed of change. Digital advancement in combination with COVID-19 has not only transformed the cyber security landscape, but also accelerated the speed at which companies face security threats and targeted cyber attacks. The Australian Security Insights Report shows that 72% of Australian businesses reported an increase in the volume of attacks in the past 12 months, and 80% reported that the attacks had become more sophisticated.
According to Ms Haggar, building a methodology to stay up to date with the changes can assist lawyers to act proactively and provide the right legal advice to their clients when required. For example, being aware and keeping up to date with the business, client and regulatory risks and associated obligations ensures in-house counsel are equipped with sufficient knowledge to help them effectively do their job as a legal advisor, and further, to help devise a response or mitigation plan for potential threats.
“It is really important for in-house legal counsel to understand what that specific risk profile is for your business” – Annie Haggar
GCs and in-house lawyers need to be aware of the cyber security issues faced by their particular organisation because the type of business undertaken means the types of cyber security threats will be different. Further, the threat actors will be different, the methods of attack will be different and the types of things the threat actors might do to threaten the organisation will be different. Accordingly, considering a question such as: “what are the crown jewels of my company?” can be helpful in assisting GCs and in-house counsel to identify what cyber criminals may target in their organisation and even perhaps the method through which the attacks may occur. As a result, GCs and in-house counsel can formulate and implement the most suitable strategies to defend, protect and help the organisation recover from potential cyberattacks.
Some examples shared by Ms Haggar include:
According to Deloitte, this is an essential element to consider while performing due diligence in order to assess the cyber health of each party, leverage standards and mitigate potential cyber risks before the final integration occurs.
What are the security measures in place to mitigate these risks, as well as the disciplinary actions for repeat failures or lack of security?
This is especially relevant to organisations that operate in multiple jurisdictions, as the laws that govern disclosure of cyber attacks and data privacy (for example, the GDPR or CCPA) are likely to be different and require different processes and response strategies between locations.
“Do it all ahead of time… Have your plan and your team in place for when it happens… The rate of cyber-attacks and other issues are just so high at the moment, you really have to think about it as a when this happens to my business, not if.” – Ms Haggar
Being open-minded to learning about cyber security, devising a plan and recognising when they need help are some ways in-house lawyers can support their organisation’s cyber security response, said Ms Haggar. Again, she emphasised the importance of being proactive and preparing for potential risks so that when an incident does occur, there is a plan in place to manage and contain the damage. Accordingly, building a ‘support team’ specifically for cyber issues, inclusive of a breach coach, incident responders and the IT team, ensures all bases are covered and the individuals with the right expertise and skill sets can effectively respond to the issue when necessary. In essence, it is important to take a 360-degree approach to cyber security within their organisation and enlist the help of other experts to ensure their organisation is sufficiently, and proactively, safeguarded from cyber threats.
The insights shared by Ms Haggar were eye-opening and candidly revealed the double-edged sword of technology advancement. Namely, although technology has delivered growth and prosperity for many aspects of business and society, it has also meant that cyber security literacy and effective risk response and mitigation tactics have never been more important while navigating the digital environment. For legal professionals this necessitates keeping up with the constant changes, taking a collaborative and holistic approach when identifying potential cyber threats, and proactively creating a response plan for when threats occur.