The monthly law journal giving authoritative insights into all aspects of e-commerce law and regulations affecting online business, including domain names, intellectual property, copyrights, online advertising, behavioural advertising, cloud computing, net neutrality, privacy, cybercrime, social media, trademarks, online sales, licensing and software.
Cyber risk - increasing survivability? By Mark Bailey, Partner at Speechly Bircham
Cyber risk is now a board-level responsibility [1]. The benefits of a cyber risk strategy to a business should be clear. Adopting a risk management approach to cyber security can result in significant benefits for an organisation:
The directors set the culture of a business. UK and EU legislation and regulation however also compel boards to be responsible for direct supervision of the business' conduct and reputation. Other examples include:
Cyber security is a complex issue. To illustrate the complexity by analogy, the design of a tank requires a detailed evaluation, against the specific threats it may encounter in the field, of: (a) mobility (speed); (b) weight (armour); (c) firepower (weaponry). A balance of all three elements is required: without speed it will be destroyed, without armour it will be destroyed, without firepower it will be destroyed. The proper balance in the field against the threats it encounters results in increased survivability for tank and crew. Cyber security also has three corners:
The chances of survivability for the business are greatly increased if the board can oversee and manage these issues with adequate information. The risks may be different for an online business compared with a more bricks and mortar business, but a similar armoury of weaponry may need to be engaged. Online deals site Living Social is only one of the latest companies to be compromised [2]. Potentially 50 million accounts were affected by this breach, resulting in names, email addresses, passwords and dates of birth being compromised. In this situation credit card information does not appear to have been accessed, but the breach may well trigger compulsory notifications to data protection authorities and law enforcement officials together with an expensive customer communications programme. Current estimates of the cost of data breaches put the average cost of a stolen record somewhere between £71 and £79 [3]. So how can lawyers promote survivability for a business? Lawyers need to be engaged in these debates at the highest level to improve governance and contract control:
The complexity of modern business increases and with this comes a requirement to redesign cyber threat and security each time that the world changes. Survivability is key!
Mark Bailey Partner
1. See the Cabinet Office and CESG's paper of 2012 which posed 10 key questions for CEOs and boards about the necessity for a cyber policy: http://www.cesg.gov.uk/News/Pages/10-Steps-to-Cyber-Security.aspx
2. See Computer Weekly, Monday 29 April, www.computerweekly.com/news/2240182794/another-online-firm-hit-by-data-breach
3. See Ponemon Institute 2011 Cost of Data Breach Study - United Kingdom (March 2012).