Stay updated on the latest developments in Cyber Security with our free newsletter. Sign up now!
Receive a daily email digest, the myFT Daily Digest, delivering the most recent Cyber Security news straight to your inbox every morning.
In the latest case of a massive cyber hack, a Russian-speaking criminal gang compromised the personal data of tens of thousands of employees at major British companies. This incident followed a warning issued by Microsoft in May, stating that a state-sponsored Chinese hacking group had targeted critical infrastructure in the US, affecting organizations in various sectors.
Addressing these incidents requires the efforts of numerous lawyers, who are increasingly at the forefront of the battle against corporate blackmail and personal data theft. Lawson Caisley, Chair of the cyber risk committee at White & Case, emphasizes that cyber security is a significant concern for general counsels and highlights the multidisciplinary nature of combating cyber incidents.
The frequency and sophistication of cyber attacks have propelled cyber security risk to the top of general counsels’ agendas. According to Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed experienced ransomware attacks in the past year. Among those affected, 33% reported data encryption and theft, while 6% faced extortion without encryption.
Cyber security company CrowdStrike has observed a notable increase in data theft and extortion campaigns carried out by adversaries. Criminals no longer require advanced technical skills as they can readily purchase access to victims and sophisticated breach tools through dark web marketplaces, says Drew Bagley, Vice President and Counsel of Privacy and Cyber Policy at CrowdStrike.
Cyber hacking has become a lucrative business, with the average ransom payment nearly doubling from $812,380 in 2022 to $1.5 million in 2023, as reported by Sophos. Eduardo Ustaran, Global Co-Head of Privacy and Cyber Security Practice at Hogan Lovells, describes the sector as a well-organized ecosystem, with criminals adopting a business model that entails ransom negotiations for stolen data. The decision of whether to pay the ransom sparks heated discussions around board tables.
The legal sector is increasingly vulnerable to cyber threats, including attacks by “hackers-for-hire” who engage in malicious cyber activities for third-party clients. The recovery process involves immediate action to halt the attack, followed by investigation, understanding implications, and system restoration, likened to crisis management.
In-house lawyers and external legal experts work alongside forensic investigators and PR professionals to tackle cyber hacks. Ustaran emphasizes the importance of reassurance and guiding clients in making business decisions beyond the realm of static law.
General Data Protection Regulation (GDPR) legislation in Europe has raised the level of exposure for cyber incidents, as companies are now obligated to notify regulators and affected individuals in the event of a data breach. Disclosure requirements may become even more detailed, with the US Securities and Exchange Commission introducing rules that demand companies to disclose their preparedness for cyber attacks and any incidents that occur.
Caisley predicts a similar trend in other countries, as regulators emphasize that cyber security is not solely an IT issue but a boardroom concern.
Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
