Shine Webinar Series 
Cyber Security: Whose Problem is it? 
Paula Barrett, Eversheds LLP 
27 November 2014
Cyber Attack
What is it?
Why do it?
Whose role/responsibility?
Information Security?
Compliance?
Legal?
Finance?
Board?
Marketing & comms?
HR?
Where to Start? 
Understand the Risks 
Prevention 
Dealing with Incident
Understanding the Risks
Types of Asset to be protected 
• Financial information 
• Sensitive Personal Data 
• Personal Data e.g. customer and staff information
• Intellectual Property
• Other corporate information
Understanding Legal Risks
Legal Obligations/Risks
• Data Protection
• Sector specific (e.g. financial services – Prin 3)
• Corporate Duties?
• Directors Duties
• Contractual
• Confidentiality (to others)
• Negligence
• Health & Safety
• Others?
Risk
Financial loss
Regulatory Sanctions
Reputational Damage
Loss of valuable data/competitive advantage
International Risk variants? e.g. US class action
• Theft of information, money, banking information
• Disruption to trading
• Costs of sorting out the incident and stopping further penetration
• Damages claims from individuals or third parties
• Share value/merger opportunities
• Contractual sanctions e.g. PCI-DSS
• Shareholder claims
Incident Prevention
Technical/Operational Prevention
• Security Controls – technical, operational
• People (including board members) – access controls, home/mobile working, removable media, information sharing exchanges
• Testing
• Back ups
• External expertise required?
Prevention/Protection – People
• Training
• Psychology of Security
• Align with other programmes
• Making it real for staff
• Regular reminders/prompts
Protection – Reducing Legal Risk
• Record Retention 
• Contracts 
– Review wording in customer, supplier and other third party contracts 
– What commitments obtained or given 
– Data Protection Wording 
– Confidentiality Wording 
– Breach reporting 
– Audit 
– Force majeure 
– Liability 
– Public Announcements 
– Information/Assistance 
• Procurement processes – asking due diligence questions of suppliers 
• Review Policies 
– Employee, Supplier and Customer facing 
– Employees - IT Use, Home/Mobile Working, Social Media, Data Protection 
Keeping Alert 
• Monitor strategy 
• Information gathering/alerts 
• Keeping abreast of best practice guidance issued 
• Use of consultants/external advisors 
• Participation in sector and other groups 
• Regular board topic? 
• Insurance 
– Check scope and exemptions from existing policies 
– Worth it? 
Responding to a Cyber Event
Have a Plan A…
Know what to do
• Cyber Incident Response Team identified?
• Internal notification processes (NB communications may be down)
• Rehearsal?
• Disaster Recovery Plan
• Business Continuity Plan
Investigate
• Fact finding/investigation – what type of data, volume, timing
• Identify the vulnerability
• Remove ongoing threat
• Use of legal privilege
Notices
• Notifying individuals or third parties whose data is affected
• Notifying regulators, police or other bodies of attack
• Listed businesses – market announcement required?
• Notifying shareholders under Listing principles?
• Price Sensitive information/insider notification?
• Ongoing communications
Dealing with incident
• IP protection strategy – cease and desist, injunctions etc
• Recovery of monies stolen
• Cyber extortion
• Lessons learnt
Further reading…
Gov.UK
• Cyber risk management: a board level responsibility
• 10 Steps to cyber security: executive companion
• 10 steps to cyber security: advice sheets
https://www.gov.uk/government/publications/cyber-
CPNI: http://www.cpni.gov.uk/advice/cyber/
Cyber-security: whose problem is it? 
Contact 
Paula Barrett
DD: 0845 497 4634
Intl: +44 113 200 4890
paulabarrett@eversheds.com
• For further information on our upcoming SHINE events and webinars, please visit our website: http://www.eversheds.com/global/en/what/services/in-house-counsel/events.

 

Cyber Security: Whose problem is it?

  • 1. Shine Webinar Series Cyber Security: Whose Problem is it? Paula Barrett, Eversheds LLP 27 November 2014
  • 2. Cyber Attack What is it? Why do it?
  • 3. Whose role/responsibility? Information Security? Compliance? Legal? finance? Board? marketing & comms? HR?
  • 4. Where to Start? Understand the Risks Prevention Dealing with Incident
  • 5. Understanding the Risks
  • 6. Types of Asset to be protected • Financial information • Sensitive Personal Data • Personal Data e.g. customer and staff information • Intellectual Property • Other corporate information
  • 7. Understanding Legal Risks Legal Obligations/Risks Data Protection Sector specific (e.g. financial services – Prin 3) Corporate Duties? Directors Duties Contractual Confidentiality (to others) Negligence Health & Safety Others?
  • 8. Risk Financial loss Regulatory Sanctions Reputational Damage Loss of valuable data/competitive advantage International Risk variants? e.g. US class action Theft of information, money, banking information Disruption to trading Costs of sorting out the incident and stopping further penetration Damages claims from individuals or third parties Share value/merger opportunities Contractual sanctions e.g. PCI-DSS Shareholder claims
  • 9. Incident Prevention
  • 10. Technical/Operational Prevention • Security Controls – technical, operational • People (including board members) – access controls, home/mobile working, removable media, information sharing exchanges • Testing • Back ups • External expertise required?
  • 11. Prevention/Protection – People Training Psychology of Security Align with other programmes Making it real for staff Regular reminders/prompts
  • 12. Protection – Reducing Legal Risk • Record Retention • Contracts – Review wording in customer, supplier and other third party contracts – What commitments obtained or given – Data Protection Wording – Confidentiality Wording – Breach reporting – Audit – Force majeure – Liability – Public Announcements – Information/Assistance • Procurement processes – asking due diligence questions of suppliers • Review Policies – Employee, Supplier and Customer facing – Employees - IT Use, Home/Mobile Working, Social Media, Data Protection
  • 13. Keeping Alert • Monitor strategy • Information gathering/alerts • Keeping abreast of best practice guidance issued • Use of consultants/external advisors • Participation in sector and other groups • Regular board topic? • Insurance – Check scope and exemptions from existing policies – Worth it?
  • 14. Responding to a Cyber Event
  • 15. Have a Plan A… Know what to do • Cyber Incident Response Team identified? • Internal notification processes (NB communications may be down) • Rehearsal? • Disaster Recovery Plan • Business Continuity Plan • Investigate • Fact finding/investigation – what type of data, volume, timing • Identify the vulnerability • Remove ongoing threat • Use of legal privilege • Notices • Notifying individuals or third parties whose data is affected • Notifying regulators, police or other bodies of attack • Listed businesses – market announcement required? • Notifying shareholders under Listing principles? • Price Sensitive information/insider notification? • Ongoing communications • Dealing with incident • IP protection strategy – cease and desist, injunctions etc • Recovery of monies stolen • Cyber extortion • Lessons learnt
  • 16. Further reading…. Gov.UK • Cyber risk management: a board level responsibility • 10 Steps to cyber security: executive companion • 10 steps to cyber security: advice sheets https://www.gov.uk/government/publications/cyber- • CPNI: http://www.cpni.gov.uk/advice/cyber/
  • 17. Cyber-security: whose problem is it? Contact • Paula Barrett DD: 0845 497 4634 Intl: +44 113 200 4890 paulabarrett@eversheds.com • For further information on our upcoming SHINE events and webinars, please visit our website: • http://www.eversheds.com/global/en/what/services/in-house-counsel/events.
