On 20 November 2013, Hogan Lovells hosted a cybersecurity seminar at its London offices, gathering a panel of experts in the field to discuss a subject that has become a growing concern for businesses worldwide. The seminar sought to address the cyber risks currently facing businesses, what businesses should do if a cyber attack occurs, the legal issues a business should consider when responding to a cyber attack, and the options for protecting a business with cyber risk and data protection insurance.
The key trend highlighted by the panel was the growing sophistication of cyber crime, moving away from one-off, opportunistic hacks towards more organised and targeted hacking activity aimed at large corporates and professional services firms. Kris McConkey, from the Cyber Threat Detection & Response team at PricewaterhouseCoopers, emphasised the professional, well-funded approach to hacking that organised cyber crime is taking, and the fact that statistics show that financial loss as a result of cyber crime is on the rise. Conor Ward, a partner in Hogan Lovells’ Intellectual Property, Media, and Technology Group in London, noted that this sophistication is evident at a national level, with the emergence of state agencies as a growing cyber threat.
It was generally agreed that businesses should go back to basics when thinking about tackling cyber security issues. Kevin Williams, from the National Cyber Crime Unit at the National Crime Agency (NCA), stressed the importance of taking a standards-based approach to IT hygiene, as it is often employees, either wittingly or unwittingly, who open the gate to cyber threats. Kris added that it was important that businesses take stock of their network and its external communications, and maintain proper records going forward, in order to enable businesses to spot intrusions to their networks as and when they occur, rather than many months later. Kevin also highlighted the work being done by the public sector in the UK to tackle the recent rise in cyber crime, including the establishment of new crime reporting streams, NCA public cyber crime alerts, and government publications highlighting action steps for small and medium-sized enterprises.
Mark Taylor, a partner in Hogan Lovells’ Intellectual Property, Media, and Technology Group in London, stressed the importance of preparing an Emergency Response Plan, and ensuring that it is consistent with any regulatory and insurance requirements. He outlined various breach notification requirements for both regulated and non-regulated entities, and how these might shift with the introduction of the proposed EU Network and Information Security Directive and EU Data Protection Regulation. Erica Constance, Head of Technology in the Media & Telecoms/Cyber Practice at the insurance broker Willis, then closed the seminar by detailing some specific cyber risk and data protection insurance policies, which cover the gaps relating to issues raised by cyber crime left by traditional forms of corporate insurance.
However, where cyber crime is concerned, prevention remains better than cure. If your business hasn’t already done so, now is the time to start thinking about cybersecurity and where the key risks lie.