Cybersecurity lifecycle

Overview

This page sets out the stages of the Cybersecurity Lifecycle and the steps you can take to protect your business. For more information and to see how we can help, please visit our Cybersecurity page.

Identify

ACTION:

  • Identify key business assets.
    As a first step, take an inventory of your business assets and identify those that are critical or otherwise of high importance. Your inventory should include your key intangible assets (for example, customer data stores, business plans and trade secrets) as well as physical networks and hardware.

  • Identify external dependencies.
    Your inventory should consider assets outside of your organisation upon which you rely.  Does your business operate using an external network or cloud service provider?  Do you offer any services that customers are able to access remotely?  Do your subcontractors have control over any of your key assets?

  • Assess risk associated with the above.
    For each asset that you have identified, consider its value.  Make a risk assessment of how much damage your business could suffer if each asset was compromised.  This will help you to determine the level of security that you should apply to each of your assets. 

LEGAL SUPPORT:

  • Audit of supply contracts.
    Part of your risk assessment should involve a review of your existing supplier relationships.  Do you have appropriate warranties on IT security?  What remedies are available should your supplier cause a network breach?  Our Commercial team can audit your supply contracts and advise on these points.

  • Review employment contracts and internal policies
    It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can advise on the adequacy of your standard terms of employment and internal policies to protect against insider security threats.

  • Assess safeguards over trade secrets and intellectual property
    Our Trade Secrets group can advise on the protection available for your intellectual property, including any registration requirements and how best to document and manage your business ideas.


KEY CONTACTS:

Warren Wayne
Toby Bond


Protect

ACTION:

  • Develop measures and policies commensurate to risk profile
    Striving to attain impenetrable network security for all areas of your business may quickly run up unwarranted costs.  A more sensible approach is to apply protections proportionate to the risk faced by your business. After identifying your key assets and the risks associated with each, you will be able to determine the areas of your business that require the most protection and allocate your IT spend accordingly.

  • Implement measures.
    The level of security that you require will depend on the risk profile of your business. Possible measures that you should consider include: deploying malware protection and automated system monitoring; introducing IT policies for staff and subcontractors; user awareness and training; and creating incident response plans.

LEGAL SUPPORT:

  • Review and negotiation of IT licences and consultancy agreements.
    Depending on the level of risk that you face, you may consider enlisting a specialist IT consultant to help implement your security measures. Our commercial expertise and deep industry knowledge of cybersecurity mean that we are well placed to advise on any software licences and service contracts associated with your IT security.

  • Compliance check of personal data storage.
    Our Data Protection group can advise on the suitability of your measures to protect customer information and other personal data.


KEY CONTACTS:

Mark Leach
Ian Edwards
James Mullock
Simon Shooter

Detect

ACTION:

  • Staff awareness and reporting
    With adequate training, your staff can become your front line for detecting cybersecurity breaches. It is important that your employees are able to identify possible threats to your network and are aware of how to report incidents.

  • IT solutions (e.g. real-time monitoring software)
    As well as training staff to detect cyber threats, you may consider deploying dedicated software or other IT services to identify and report breaches. A vast array of monitoring products has emerged on the marketplace in recent times and we would recommend researching carefully the products most suitable for your business.

LEGAL SUPPORT:

  • Short-term legal resource to maintain business continuity
    Depending on the scale of the breach, your in-house legal teams may be required to assist with your response at short notice. Bird & Bird can provide extra bandwidth to your legal team to assist on business-as-usual matters whilst your legal team is engaged in resolving the incident.


KEY CONTACTS:

Mark Leach
Ian Edwards
Simon Shooter

Respond

ACTION:

  • Follow business continuity procedures
    It is at this stage that your early work to identify and protect your business assets pays off. Follow your business continuity procedures and plans to allow your business to continue operating whilst you work to resolve the breach.

  • Identify the source of the breach
    An important part of resolving the breach is to work out where it came from. Work should be done to identify the source of the breach so that you may take steps to stop it from happening again. Identifying the perpetrator will also help should you wish to take action against them.

LEGAL SUPPORT:

  • Advice on compliance with data protection and cybersecurity regulation
    Depending on the scale of the breach, the nature of your business and the jurisdictions in which you operate, there may be regulatory requirements that you have to comply with following a security breach.  Our global reach and market leading expertise in cybersecurity and data protection mean that we are well placed to advise on any regulatory steps that you must take.

  • Advice on regulatory compliance
    Businesses today operate in a patchwork of regulation on cybersecurity and data protection.  With offices in 18 countries and strong links with an international network of lawyers, we can advise on any regulatory steps that you should take having identified a security breach.

  • Reputation management
    A security breach may attract unwanted media attention and have a significant impact on your reputation.  Our Reputation Management team can steer you through the process of dealing with the media and managing the fallout of a cybersecurity breach.

KEY CONTACTS:

Ruth Boardman
Phil Sherrell


Recover

ACTION:

  • Deploy 'full-fix'
    Having identified the breach and maintained business continuity, your next focus should be to prevent the breach from reoccurring. The steps that you should take will depend on the cause of the breach and could vary from updating your IT architecture to restricting user access to your network. 

  • Notify affected customers, employees and subcontractors
    It is important to take stock of any data that has been compromised so that those affected can be notified.  You should investigate the scope of data that has been affected and give appropriate notices to any affected parties.

LEGAL SUPPORT:

  • Advice on ownership of software fixes
    Our expertise on contracting for IT services and intellectual property issues means that we can offer comprehensive advice on the licensing and ownership of any software fixes that you require.

  • Advice on liability for losses
    Our Dispute Resolution team can provide a thorough assessment of your potential liability arising from the breach as well as that of any parties from which you may seek to recoup your own losses.  


KEY CONTACTS:

Mark Leach
Ian Edwards
Simon Shooter
Bryony Cain

Review

ACTION:

  • Update internal policies and procedures
    After resolution of a breach, it is worth considering whether your internal policies and procedures on IT security could be updated to prevent the same breach from reoccurring.  Depending on the severity of the breach, it may also be helpful to provide training to employees on how the breach occurred and how similar incidents could be prevented in the future.

  • Share lessons learned with wider community
    Collaboration on cybersecurity is one of industry's best weapons against hackers. Various industry forums exist where businesses can exchange information on current cyber threats. It may be of benefit both to you and the wider business community to share details of the breach and its likely source.

  • Consider enforcement action if possible.
    It can be notoriously difficult to identify and track down perpetrators of cybersecurity attacks.  To the extent that your investigations reveal the source of the attack, you may consider informing law enforcement or bringing a claim against the attacker.

LEGAL SUPPORT:

  • Private prosecution against perpetrator
    Our Dispute Resolution team can assist should you wish to bring legal action against the parties responsible for the security breach.

  • Recover lost assets
    Our Trade Secrets team can advise on action which can be taken to recover any digital assets taken in a security breach and to prevent their further dissemination.

KEY CONTACTS:

Warren Wayne
Bryony Cain
