When it comes to cybersecurity, it is not a question of ‘if’ but ‘when’ a cyberattack will happen. So how can an organisation best protect itself? On 21 June 2016, the LexisNexis In-house Advisory Board met to discuss the challenges of cybersecurity and the role of education and communication in helping to prepare against a threat.
The session, facilitated by Marc Dautlich, partner in the TMT group and Head of the Information Law team at Pinsent Masons, opened with an exploration of how cybersecurity attacks range in scale and how that affects an organisation’s response. It is crucial to be able to deal with any attack in such a way that financial and reputational damage is kept to a minimum.
Education and communication
The Board members discussed the importance of running simulations and awareness campaigns to educate employees as the first line of defence. Such initiatives help the organisation prepare as much as possible for a cyberattack, and can include, for example, sending fake phishing emails to ascertain employees’ responses. Can they detect a threat? Do they know what to do and who to report it to?
Organisations often commission a report to fully understand a cyberattack. The Board considered whether such commissioned reports should be brought under the cloak of legal privilege, given their vulnerability to future disclosure to third parties. Privilege is a huge issue and needs to be considered early on. This can be a problem, as the underlying facts and extent of an incident aren’t always known in the very early stages.
Preparing for a cyberattack
Many elements of a response plan can be pre-prepared. The main recommendation discussed by the Board was to run simulations for the executive response team. Knowing what to expect and how people react allows an organisation to formulate more effective communication and reporting processes. In many cases, a cyberattack involves an organisation’s supply chain and it is important to understand the implications of this. It is one of the most vulnerable channels and presents significant risks.
PR responses can be written in advance, but there still needs to be a response plan to deal with situations as they develop. It was recommended that organisations consider the question ‘What do you want your customers to do in response to notification of the problem?’. Is there an action they should take (for example, change their password) or is it the case that they just need to be informed?
It is possible to make a much more credible PR statement if the organisation can show that it had not been careless and had taken the appropriate precautions (eg by ensuring it has a compliant culture, the right policies and training).
The overwhelming takeaway from the Advisory Board meeting was that organisations can never rehearse or prepare too much for a cyberattack. The most important measures to set in place include:
Read a full summary of the LexisNexis In-house Advisory Board meeting here.
Sophie is Head of Learning & Development at F-LEX Legal - an award winning legal tech startup helping law firms and organisations manage a flexible work force and supporting lawyers to make smarter life/work choices.
As part of her portfolio career Sophie runs various learning and development and networking forums for in-house lawyers and mentors junior lawyers. These include Flying Solo for small and solo legal teams and Aspire for junior in-house lawyers which she runs for LexisNexis UK. She also works with schools and organisations to promote social mobility within the legal profession, working with The Social Mobility Business Partnership and Aspiring Solicitors.
She trained as a lawyer in the City and worked as an in-house lawyer for 10 years including as Head of Legal for Virgin Radio and Ginger Media Group.
Outside of work she is happily married with three sons and enjoys morning walks along the beach with her two dogs.