When it comes to cybersecurity, it is not a question of ‘if’ but ‘when’ a cyberattack will happen. So how can an organisation best protect itself? On 21 June 2016, the LexisNexis In-house Advisory Board met to discuss the challenges of cybersecurity and the role of education and communication in helping to prepare against a threat.
The session, facilitated by Marc Dautlich, partner in the TMT group and Head of the Information Law team at Pinsent Masons, opened with an exploration of how cybersecurity attacks range in scale and how that affects an organisation’s response. It is crucial to be able to deal with any attack in such a way that financial and reputational damage is kept to a minimum.
Education and communication
The Board members discussed the importance of running simulations and awareness campaigns to educate employees as the first line of defence. Such initiatives help the organisation prepare as much as possible for a cyberattack, and can include, for example, sending fake phishing emails to ascertain employees’ responses. Can they detect a threat? Do they know what to do and who to report it to?
Organisations often commission a report to fully understand a cyberattack. The Board considered whether the cloak of legal privilege should be thrown over such commissioned reports in terms of their vulnerability to future disclosure to third parties. Privilege is a huge issue and needs to be considered early on. This can be a problem as the underlying facts and extent of an incident aren’t always known in the very early stages.
Preparing for a cyberattack
Many elements of a response plan can be pre-prepared. The main recommendation discussed by the Board was to run simulations for the executive response team. Knowing what to expect and how people react allows an organisation to formulate more effective communication and reporting processes. In many cases, a cyberattack involves an organisation’s supply chain and it is important to understand the implications of this. It is one of the most vulnerable channels and presents significant risks.
PR responses can be written in advance, but there still needs to be a response plan to deal with situations as they develop. It was recommended that organisations consider the question ‘What do you want your customers to do in response to notification of the problem?’. Is there an action they should take (for example, change their password) or is it the case that they just need to be informed?
It is possible to make a much more credible PR statement if the organisation can show that it had not been careless and had taken the appropriate precautions (eg by ensuring it has a compliant culture, the right policies and training).
The overwhelming takeaway from the Advisory Board meeting was that organisations can never rehearse or prepare too much for a cyberattack. The most important measures to set in place include:
Read a full summary of the LexisNexis In-house Advisory Board meeting here.