Cyber security today
Not only are major data breaches now increasingly leading to regulatory investigations and fines, but cyber security has become a geopolitical issue affecting international trade in technology products.
Yet companies today encounter these issues in many forms:
- Direct attacks on systems, e.g. Stuxnet, which attacked control systems often used in industry
- Complex supply chain attacks, e.g. in the case of SolarWinds, where connected customers need to check whether they have also been breached and, as a precautionary measure, take systems offline or initiate decontamination procedures
- Newly discovered system vulnerabilities, e.g. the Log4Shell zero-day vulnerability in the widely used Apache Log4j framework, which continue to pose dynamic challenges to companies
- "Ransomware as a service", e.g. REvil, where black hat hacker groups have specialised in developing ransomware and receive a share of the extorted funds
This focus on cyber security has meant that it is regularly one of the most important issues to be addressed at board level. For example, the European Union Agency for Cybersecurity (ENISA) predicts that attacks on the European supply chain will quadruple in the coming years, and attacks on cloud infrastructures are expected to increase by as much as five times. The range of necessary activities for our clients to ensure that they comply with legal requirements and minimise risks is therefore increasing.
Why choose our cyber security lawyers?
The Fieldfisher cyber team has dealt with hundreds of incidents and security breaches. We are one of Europe's leading law firms with specialist expertise and a long track record in cyber work.
A combination of recent high-profile data breaches and legislation such as the GDPR, the Network and Information Systems Security Directive and the Critis Regulation has changed the landscape of cyber security legal requirements forever.
Fieldfisher takes a holistic, multi-disciplinary approach to our work in cyberspace. With our core data protection and information security practice, we have an impressive track record of helping our clients comply with legal and regulatory requirements, as well as preparing for and managing incidents when they occur. We draft the necessary corporate policies and stand by our clients when the encryption Trojan strikes. We regularly advise on what legal risks exist and whether incidents should be reported to regulators.
In our experience, cyber security is not just about compliance and reporting breaches to regulators when required by law. Our clients need practical advice on when reporting is necessary, what other companies are doing, what is standard market practice, what regulators expect and what this means for their risk profile.
Increasingly, companies therefore need a range of complementary services that we can offer from a single source:
- Comprehensive advice on all issues of data protection and IT law
- Establishing and expanding your compliance and governance structures
- Supporting compliance and human resources departments in internal investigations
- Checking your insurance policies to see if the most important consequences are covered after a data breach
- Appointment as external data protection officer or support of the internal data protection team
- Strategically clear advice on how to proceed in the event of data security incidents
- Managing disputes arising from cyber security incidents and data breaches
- Support in due diligence for transactions, especially in data-driven business models
- Advice on sector-specific data protection requirements, for example in regulated industries such as financial services, life sciences and telecommunications
- Accompanying audits at service providers or by customers
- Support and representation in proceedings with supervisory authorities