Cybersecurity lifecycle

Overview

Click on the icons below to view the stages of the Cybersecurity Lifecycle and the steps you can take to protect your business. For more information and to see how we can help please visit our Cybersecurity page.

Click on each stage to learn more

Identify

Action:

Identify key business assets.

As a first step, take an inventory of your business assets and identify those that are business critical or otherwise of high importance.  Your inventory should include any key intangible assets (such as customer data stores, business plans and trade secrets) as well as physical networks and hardware.

Identify external dependencies.

Your inventory should consider assets outside of your organisation on which you rely.  Does your business operate using an external network or cloud service provider?  Do you offer any services that customers are able to access remotely?  Are any key assets held with your subcontractors?

Assess risk associated with the above.

For each asset that you have identified, consider its value.  Make a risk assessment of how much damage your business could suffer if the asset was compromised.  This will help you to determine what level of security you should apply to each.

Legal support:

Audit of supply contracts.

Part of your risk assessment should involve a review of your existing relationships with your suppliers. Do you have appropriate warranties on IT security? Is there a suitable remedy should your supplier cause a network breach? Our Commercial team can audit your supply contracts and advise on any risks.

Review employment contracts and internal policies

It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can advise on the adequacy of your standard terms of employment and internal policies to protect against insider security threats.

Assess safeguards over trade secrets and intellectual property

Our Trade Secrets group can advise on the protection available for your intellectual property, including any registration requirements and how best to document your business ideas.

KEY CONTACTS:

 Image of Toby Bond  Sherrell-Phil
Toby Bond  Phil Sherrell

< Back
>

Protect

Action:

Develop measures and policies commensurate to risk profile

Striving to attain impenetrable network security for all areas of your business may quickly run up unwarranted costs. A more sensible approach would be to apply protections proportionate to the risk faced by your business. After identifying your key assets and the risks associated with each, you will be able to determine which areas of your business require the most protection and allocate your IT spend accordingly.

Implement measures

The level of security that you require will depend on the risk profile of your business. Possible measures that you should consider include: deploying malware protection and automated system monitoring; introducing IT policies for staff and subcontractors; user awareness and training; and creating incident response plans.

Legal support:

Review and negotiation of IT licences and consultancy agreements

Depending on the level of risk that you face, you may consider enlisting a specialist IT consultant to help implement your security measures. Our commercial expertise and deep industry knowledge of cybersecurity means that we are well placed to advise on any software licenses and service contracts associated with your IT security.

Compliance check of personal data storage

Our Data Protection group can advise on the suitability of your measures to protect customer information and other personal data.

KEY CONTACTS:
Image of James Mullock Shooter-Simon
James Mullock
Simon Shooter
< Back
>

Detect

Action:

Staff awareness and reporting.

With adequate training, your staff can become your front line for detecting cybersecurity breaches.  It is important that your employees are able to identify possible threats to your network and are aware of how to report incidents.

IT solutions (e.g. real-time monitoring software).

As well as training staff to detect cyber threats, you may consider deploying dedicated software or other IT services to identify and report breaches. A vast array of monitoring products has emerged on the marketplace in recent times and we would recommend researching carefully the products most suitable for your business.

Legal support:

Short-term legal resource to maintain business continuity.

Depending on the scale of the breach, your in-house legal teams may be required to assist on your response at short notice.  Bird & Bird can provide extra bandwidth to you legal team to assist on matters in your legal team's absence.

Draft protections in employment contracts.

It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can review your employment contracts and internal policies and advise on your contractual protections.

Advice on regulatory compliance.

Business today operate in a patchwork of regulation on cybersecurity and data protection.  With lawyers in 18 countries and strong links with an international network of lawyers, we can advise on any regulatory steps that you must take having identified at security breach.

KEY CONTACTS:

Shooter-Simon
Simon Shooter
< Back
>

Respond

ACTION:

  • Follow business continuity procedures
    It is at this stage that your early work to identify and protect your business assets pays off.  Follow your business continuity procedures and plans to allow your business to continue operating whilst you work to resolve the breach.

  • Identify source of the breach.
    An important part of resolving the breach is to work out where it came from. Work should be done to identify the source of the breach so that you may take steps to stop it from happening again.  Identifying the perpetrator will also help should you wish to take action against them.

  • Assess the scale of the breach and potential losses
    Take stock of the size of the breach and the losses that your business may suffer as a result.  It is important here not just to look at your immediate damage, but to consider other losses that could emerge over time (for example, where trade secrets may have been compromised).
LEGAL SUPPORT:
  • Advice on compliance with data protection and cybersecurity regulation.
    Depending on the scale of the breach, the nature of your business and the jurisdictions in which you operate, there may be regulatory requirements that you have to comply with following a security breach. Our global reach and market leading expertise in cybersecurity and data protection mean that we are well placed to advise on any regulatory steps that you must take.
  • Advice on regulatory compliance
    Businesses today operate in a patchwork of regulation on cybersecurity and data protection. With offices in 18 countries and strong links with an international network of lawyers, we can advise on any regulatory steps that you should take having identified at security breach.

  • Reputation management
    A security breach may attract unwanted media attention and have a significant impact on your reputation. Our Reputation Management team can steer you through the process of dealing with the media and managing the fallout of a cybersecurity breach.

KEY CONTACTS:

 Image of James Mullock Sherrell-Phil
James Mullock Phil Sherrell

< Back
>

Recover

Action:

Deploy ‘full-fix’

Having identified the breach and maintained business continuity, your next focus should be to prevent the breach from reoccurring. The steps that you should take will depend on the cause of the breach and could vary from updating your IT architecture to restricting user access to your network.

Notify affected customers and subcontractors.

It is important to take stock of any data that has been compromised so that those affected can be notified. You should investigate the scope of data that has been affected and give appropriate notices to any affected parties. 

Legal support:

Advice on ownership of software fixes.

Our expertise on contracting for IT services and intellectual property issues mean that we can offer comprehensive advice on the licensing and ownership of any software fixes that you require. 

Advice on liability for losses.

Our Dispute Resolution team can provide a thorough assessment of your potential liability arising from the breach as well as that of any parties from which you may seek to recoup your own losses.

KEY CONTACTS:

Shooter-Simon
 Image of Bryony Cain
Simon Shooter Bryony Hurst
< Back
>

Review

Action:

Update internal policies and procedures

After resolution of a breach, it is worth considering whether your internal policies and procedures on IT security could be updated to prevent the same breach from reoccurring. Depending on the severity of the breach, it may also be helpful to provide training to employees on how the breach occurred and how similar incidents could be prevented in the future.

Share lessons learned with wider community. 

Collaboration on cybersecurity is one of industry's best weapons against hackers. Various industry forums exist where businesses can exchange information on current cyber threats. It may be of benefit both to you and the wider business community to share details of the breach and its likely source. 

Consider enforcement action if possible.

It can be notoriously difficult to identify and track down perpetrators of cybersecurity attacks. To the extent that your investigations reveal the source of the attack, you may consider informing law enforcement or bringing a claim against the attacker.

Legal support:

Private prosecution against perpetrator

Our Dispute Resolution team can assist should you wish to bring legal action against the parties responsible for the security breach.

Recover lost assets

Our Trade Secrets team can advise on action which can be taken to recover any digital assets taken in a security breach and to prevent their further dissemination.

KEY CONTACTS:

 Image of Bryony Cain
 Bryony Hurst

< Back
>