News & Insights

Legal Risks Associated with Cyberattacks

Legal Risks Associated with CyberattacksPROACTIVE MEASURES AGAINST CYBERATTACKS

The recent ransomware attack that has affected more than 100,000 organizations has emphasized how immense the potential impact can be on the financial services industry. It is imperative for firms to protect their network from these types of threats through various technical lines of defense, including:

  • Offline and secure backups of the firm’s data (such as an external physical hard drive);
  • Updating software, patches, and operating systems;
  • Monitoring and intrusion detection;
  • Training employees to practice vigilance against cyber risks like phishing schemes;
  • Layered security approaches tailored to the firm’s cyber risks, system and information; and
  • A thoroughly tested incident response plan.

While these technical protections may be in place, there still remains the threat that new and more sophisticated cyberattacks can breach these lines of defense. In the event that a cyberattack is successful, firms should strongly consider the necessity for legal counsel prior to the attack.

THE APPLICABILTY OF LEGAL COUNSEL

There are a variety of different legal situations that can have significant consequences if not addressed immediately by experienced legal counsel. Scenarios to consider include:

  • The necessity of attorney-client privilege in the case of an initial cyber investigation so that the firm may obtain candid legal advice;
  • Determining whether the cyberattack triggers any potential legal notification requirements obligated under contract or statute;
  • Devising an effective strategy in responding to inquiries initiated by federal regulators, state regulators and law enforcement;
  • Identifying potential civil actions and mitigating associated costs;
  • Ensuring antitrust protections are established when sharing cyber threat indicators and defensive measures with competitors as required by The Cybersecurity Information Sharing Act of 2015; and
  • Reviewing what is covered by cyber insurance.

WHAT DOES THIS MEAN FOR ME?The legal proceedings that result from a cyberattack require a thorough understanding of all potential implications and how to mitigate these risks. Fairview® encourages firms to consider the value of maintaining legal counsel prior to a possible security breach, including the ability to preserve attorney-client privilege. This legal assistance can be instrumental in minimizing possible business disruptions.

Sources: https://www.morganlewis.com/pubs/wannacry-ransomware-cyberattack-raises-legal-issues