Cybersecurity lifecycle

Action:

Update internal policies and procedures

After resolution of a breach, it is worth considering whether your internal policies and procedures on IT security could be updated to prevent the same breach from reoccurring. Depending on the severity of the breach, it may also be helpful to provide training to employees on how the breach occurred and how similar incidents could be prevented in the future.

Share lessons learned with wider community. 

Collaboration on cybersecurity is one of industry's best weapons against hackers. Various industry forums exist where businesses can exchange information on current cyber threats. It may be of benefit both to you and the wider business community to share details of the breach and its likely source. 

Consider enforcement action if possible.

It can be notoriously difficult to identify and track down perpetrators of cybersecurity attacks. To the extent that your investigations reveal the source of the attack, you may consider informing law enforcement or bringing a claim against the attacker.

Legal support:

Our Dispute Resolution team can assist should you wish to bring legal action against the parties responsible for the security breach.

Recover lost assets

Our Trade Secrets team can advise on action which can be taken to recover any digital assets taken in a security breach and to prevent their further dissemination.

KEY CONTACTS:

Action:

As a first step, take an inventory of your business assets and identify those that are business critical or otherwise of high importance.  Your inventory should include any key intangible assets (such as customer data stores, business plans and trade secrets) as well as physical networks and hardware.

Your inventory should consider assets outside of your organisation on which you rely.  Does your business operate using an external network or cloud service provider?  Do you offer any services that customers are able to access remotely?  Are any key assets held with your subcontractors?

For each asset that you have identified, consider its value.  Make a risk assessment of how much damage your business could suffer if the asset was compromised.  This will help you to determine what level of security you should apply to each.

Legal support:

Part of your risk assessment should involve a review of your existing relationships with your suppliers. Do you have appropriate warranties on IT security? Is there a suitable remedy should your supplier cause a network breach? Our Commercial team can audit your supply contracts and advise on any risks.

It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can advise on the adequacy of your standard terms of employment and internal policies to protect against insider security threats.

Our Trade Secrets group can advise on the protection available for your intellectual property, including any registration requirements and how best to document your business ideas.

KEY CONTACTS:

Toby Bond	Phil Sherrell

Action:

Striving to attain impenetrable network security for all areas of your business may quickly run up unwarranted costs. A more sensible approach would be to apply protections proportionate to the risk faced by your business. After identifying your key assets and the risks associated with each, you will be able to determine which areas of your business require the most protection and allocate your IT spend accordingly.

The level of security that you require will depend on the risk profile of your business. Possible measures that you should consider include: deploying malware protection and automated system monitoring; introducing IT policies for staff and subcontractors; user awareness and training; and creating incident response plans.

Legal support:

Depending on the level of risk that you face, you may consider enlisting a specialist IT consultant to help implement your security measures. Our commercial expertise and deep industry knowledge of cybersecurity means that we are well placed to advise on any software licenses and service contracts associated with your IT security.

Our Data Protection group can advise on the suitability of your measures to protect customer information and other personal data.

James Mullock	Simon Shooter

Action:

With adequate training, your staff can become your front line for detecting cybersecurity breaches.  It is important that your employees are able to identify possible threats to your network and are aware of how to report incidents.

As well as training staff to detect cyber threats, you may consider deploying dedicated software or other IT services to identify and report breaches. A vast array of monitoring products has emerged on the marketplace in recent times and we would recommend researching carefully the products most suitable for your business.

Legal support:

Depending on the scale of the breach, your in-house legal teams may be required to assist on your response at short notice.  Bird & Bird can provide extra bandwidth to you legal team to assist on matters in your legal team's absence.

It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can review your employment contracts and internal policies and advise on your contractual protections.

Business today operate in a patchwork of regulation on cybersecurity and data protection.  With lawyers in 18 countries and strong links with an international network of lawyers, we can advise on any regulatory steps that you must take having identified at security breach.

KEY CONTACTS:

Simon Shooter

ACTION:

• Follow business continuity procedures
  It is at this stage that your early work to identify and protect your business assets pays off.  Follow your business continuity procedures and plans to allow your business to continue operating whilst you work to resolve the breach.
  
  
• Identify source of the breach.
  An important part of resolving the breach is to work out where it came from. Work should be done to identify the source of the breach so that you may take steps to stop it from happening again.  Identifying the perpetrator will also help should you wish to take action against them.
  
  
• Assess the scale of the breach and potential losses
  Take stock of the size of the breach and the losses that your business may suffer as a result.  It is important here not just to look at your immediate damage, but to consider other losses that could emerge over time (for example, where trade secrets may have been compromised).

• Advice on compliance with data protection and cybersecurity regulation.
  Depending on the scale of the breach, the nature of your business and the jurisdictions in which you operate, there may be regulatory requirements that you have to comply with following a security breach. Our global reach and market leading expertise in cybersecurity and data protection mean that we are well placed to advise on any regulatory steps that you must take.

KEY CONTACTS:

James Mullock	Phil Sherrell

Action:

Deploy ‘full-fix’

Having identified the breach and maintained business continuity, your next focus should be to prevent the breach from reoccurring. The steps that you should take will depend on the cause of the breach and could vary from updating your IT architecture to restricting user access to your network.

Notify affected customers and subcontractors.

It is important to take stock of any data that has been compromised so that those affected can be notified. You should investigate the scope of data that has been affected and give appropriate notices to any affected parties. 

Legal support:

Advice on ownership of software fixes.

Our expertise on contracting for IT services and intellectual property issues mean that we can offer comprehensive advice on the licensing and ownership of any software fixes that you require. 

Advice on liability for losses.

Our Dispute Resolution team can provide a thorough assessment of your potential liability arising from the breach as well as that of any parties from which you may seek to recoup your own losses.

KEY CONTACTS:

Simon Shooter	Bryony Hurst