• No results found

CYBERSECURITY RISK MANAGEMENT

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CYBERSECURITY RISK MANAGEMENT"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

CYBERSECURITY

(2)

Cybersecurity is one of the most challenging risks confronting

companies around the world. In today’s interconnected world,

virtually all companies and their customers are potential targets.

With vast experience in cybersecurity matters and a global cybersecurity team, DLA Piper is ideally situated to guide clients in managing this increasingly important risk area. We help clients to implement a 360-degree approach to creating, managing and maintaining a secure cyber-DNA in the face of escalating threats and legal requirements, and a shift in the duty of care for companies and directors.

Our lawyers were instrumental in drafting the widely acclaimed National Association of Corporate Directors Cyber Risk Handbook, which is being used across corporate America to establish cyber risk governance systems. We also track cybersecurity regulatory developments in 23 major world economies for an information service. We helped to draft almost all the US state breach notice laws; are developing a video to help educate senior managers and directors about cyber risk issues; and we help clients to prepare for security incidents through a free model incident response protocol that clients adapt to their organization and regulatory requirements.

We offer clients practical and down-to-earth guidance across the spectrum of governance of cyber-risk, including:

■ Global incident response and investigations

■ Risk assessment mitigation and compliance around the world ■ Program design and implementation

■ Corporate governance ■ Supply chain risk management ■ Government affairs solutions

■ Litigation (D&O, class action, product liability)

RETHINKING PROTECTION

RANKED IN TIER 1 IN

CYBER CRIME

– Legal 500

, 2014

DLA Piper’s privacy and

data security attorneys are

truly top in their field

’.

(3)

It is only a matter of time before a determined hacker can penetrate your organization’s system. With consequences of these attacks growing ever more serious, cybersecurity risk has become a top priority for many organizations. DLA Piper has a series of offerings that are designed to prepare clients for the inevitable cyberattack, including how to respond to cyberattacks. We guide clients through the design and implementation of a governance structure that can meet organizations’ duties of care. We provide clients proactive corporate governance structures to protect companies and their directors; offer tools to comply with evolving regulatory requirements; develop and refine sound corporate policies; design and help to manage strategies to create and sustain a culture of security; and drive responsible supply-chain and vendor risk management techniques and contract support.

In the wake of an attack, we provide a team that has helped clients through more than 450 security incidents and helped draft almost all the US state breach notice and data security laws. We offer charts and information services that capture cybersecurity and breach-related requirements across the 50 states and the world. We field a cohesive team of lawyers in 40 countries that is highly experienced in investigations and incident response, protocols, in protecting privilege throughout an investigation, and

materiality standards for notifying shareholders. Many more are litigators with strong experience in the claims typically brought in lawsuits filed in response to a cybersecurity incident.

OUR CYBERSECURITY TEAM OFFERS:

Proactive risk management.

Because of the fast-changing nature of cyberattacks, cybersecurity defense is a complex risk management task. We were the only law firm that helped to draft the widely acclaimed NACD Cyber Risk Handbook for corporate directors. We help clients to implement a customized strategy, establish and refine their internal risk management strategy for preventing and responding to cyberattacks, and assist in the implementation of proactive policies and procedures that enable them to respond effectively, preserving attorney-client privilege and mitigating potential litigation and reputational risks associated with cybersecurity incidents. We have relationships with a wide range of cybersecurity experts to help clients to identify emerging threats, detect intrusions and conduct effective forensic investigations. We also focus on identifying and fixing breakdowns in corporate communications and planning that leave vulnerabilities unaddressed. We help clients to adopt nimble, repeatable and

Field-tested global crisis

management coverage. We can be on the ground, with an integrated team of top cybersecurity technicians and lawyers, helping solve your security problem and cloaking those efforts in privilege, anywhere in the world, within 24 hours of a client request. We have established toll-free response protocols to respond and coordinate immediately.

Connections to more than

40 governments around the world. We know the regulators, the advocates and many of the journalists who focus on data breaches and draw on this experience to guide our clients’ response to a breach incident so as to minimize potential reputational damage.

Understanding of the US and

international cyber-regulatory environment. We have drafted most of the breach notice laws, offer an online tool summarizing breach notice requirements in 72 countries. Our subsidiary Blue Edge LabSM has partnered with the Internet Security Alliance to offer CyberTrakSM, an easy-to-use online information service that tracks the evolution of cybersecurity-related law in 23 major economies around the world. This work gives us an unrivaled understanding of the ever-changing US and international

PROACTIVE STRUCTURES,

STEADFAST STRATEGY

(4)

Sector-specific focus. DLA Piper

believes that our legal advice should be as pragmatic and practical as it is technically excellent. We are attuned to the unique requirements of different sectors and staff our teams with lawyers experienced in the client’s sector.

INCIDENT RESPONSE CAPABILITIES

From the moment a company learns about a potential breach it should be armed with tools to respond quickly and effectively while ensuring that its investigation is privileged. We offer a highly experienced team that has been successful hundreds of times in protecting clients from risks following cybersecurity incidents.

Our service in this area includes incident response protocols, crisis coordination and management, data breach response strategy, identifying and preparing required individual, payment card network and state notifications, communication and priority setting with regulators, inclusion of law enforcement as appropriate and responding to Congressional inquiries. We offer clients a step-by-step incident

response protocol that prepares clients for breaches before they happen, preserves privilege from moment one and marshals organization, legal and forensic solutions. Among the members of our team are former computer crime prosecutors who have strong relationships with law enforcement that can be invaluable in responding to a hack. We also have a team of litigators around the world who can pursue non-state-sponsored hackers and their hosts in their home countries. We have a clear understanding of potential insurance coverage for these events and advise you of communications to ensure proper notice to carriers and third parties to limit direct and potentially consequential losses. We also work with the carriers to ensure that any improvements or modifications to the company’s approach as a result of a breach can form the basis for decreased cost of coverage or enhanced coverage moving forward.

RISK MITIGATION AND PROACTIVE STRATEGIES

Effective cybercompliance begins with an independent and realistic assessment of the legal, compliance, governance and reputational risks that could threaten your company. DLA Piper has an integrated protocol that works hand-in-glove with cybersecurity technology providers to assess, respond to and mitigate the risks associated with cybersecurity incidents at your company.

The protocol is an enterprise-wide approach that analyzes these risks and is adaptable to the unique characteristics of your company, regulation of your sector and the geographical location of your data centers and of data subjects. It provides companies and directors with roadmaps to fulfill their respective fiduciary and legal obligations to their shareholders, employees and customers.

Furthermore, to help clients address the proliferation of cybersecurity requirements globally, DLA Piper works with the Internet Security Alliance, a trade association of Chief Information Security Officers of 19 major multinational companies, on an information service that provides quick summaries of cybersecurity-related procurement and compliance requirements in 23 key markets around the world.

(5)

We have devised easy-to-implement, repeatable and trackable methodologies that identify and address gaps,

incorporate solutions into current business processes and auditing programs based on risk priorities. The methodologies incorporates rules-based applications, moving response checklists into current protocols. The resulting program addresses identified gaps in a holistic and ongoing fashion – across multiple metrics.

SUPPLY CHAIN RISK MANAGEMENT

A key part of our proactive risk mitigation service involves providing practical, targeted and enforceable risk mitigation strategies throughout a company’s supply chain. This usually begins with assessment of heightened risk of cyberincidents throughout a company’s supply chain. It then moves to implementing diligence, contracting and vendor management strategies to mitigate and properly allocate cybersecurity risks so that your company is not left absorbing unmanageable liability or violating commitments to regulators, clients, suppliers or the public. These proactive solutions can make a major difference mitigating risk.

GOVERNMENT AFFAIRS

Our lawyers have been closely engaged in the development of the Cybersecurity Framework and federal and state government cybersecurity

oversaw and worked closely with the U.S. agencies charged with cybersecurity preparedness. We are ideally positioned to help clients work with government agencies on implementation of the Administration Cybersecurity Framework and in contesting designations as critical infrastructure directly subject to the Framework. Furthermore, our team features a well-regarded former House Committee chief investigations counsel, who ran 200 hearings during his time on Capitol Hill and is adept at helping clients to manage investigations and excel at congressional hearings

LITIGATION

We feature some of the most highly experienced litigators in the world in data privacy, class action, insurance coverage, D&O litigation and product liability. This team is comprised of true trial lawyers and an alternative dispute resolution team that work across a global platform to represent clients in every industry that may be subject to liability for a data breach. These litigators represent clients across the spectrum of critical infrastructure and data-intensive sectors. They appreciate the vulnerability of internal and consumer data at the heart of every business sector and have developed strategies to anticipate, prepare and defend against cybersecurity-related claims.

Our litigators also benefit from the incomparable experience of our lawyers who are skilled in cyber-regulations and cyber risk management, and frequently work together to assist clients in avoiding and/or mitigating litigation risks. This coordination makes us highly qualified to attack the substantive and procedural aspects of litigation arising out of data breaches and other security incidents.

Class Action Litigation. DLA Piper is one of the few firms with actual experience litigating a consumer class action arising out of a data breach. Our lawyers currently represent various corporate entities in the first major multi-district litigation arising out of a data breach. That breach was, at the time, one of the largest recorded data security breaches, affecting more than 77 million consumers, and resulted in the filing of 65 class actions across the country. Our experience in the trenches gives us vast experience and insight into the defense of companies facing litigation arising out of a data breach, including issues of standing, the various theories of liability asserted by plaintiffs and class certification issues.

In addition, DLA Piper has a deep bench of class action lawyers skilled in the representation of clients in nationwide and state class action lawsuits, many of which address the issues facing consumers and business in the areas of consumer fraud, the use

(6)

Our clients depend on us to anticipate emerging threats; develop streamlined, effective and innovative strategies to respond to the nuances of a particular suit; defeat class certification and the merits of the plaintiffs’ claims at an early stage; and strategically protect and advance our clients’ long-term business interests. Our experience in major data breach litigation, combined with our experience in the compliance and regulatory arena, makes us an asset for clients faced with data breach litigation.

Securities Litigation. The duty of care for companies and boards now includes proper attention to cybersecurity vulnerabilities. Sophisticated hacks into a company’s systems can affect stock prices and trigger derivative shareholder actions. Our securities litigators are experienced in defending companies in derivative shareholder actions and at guiding clients through the delicate process of determining whether the effects of a hack exceed the SEC’s materiality threshold requiring notice to shareholders.

Product Liability: Our product liability group includes some of the most highly regarded defense lawyers in the world. We advise clients on risk, compliance and business management at every stage of the product life cycle, from product design and development to distribution. Our sophisticated clients use information and technology at each of these stages to share research and testing and to efficiently manufacture and distribute products and services − often considering the use of this data beyond immediate product design

needs. We collaborate with clients at the front end on issues such as cybersecurity to focus on points of vulnerability raised by hacking in day-to-day use. Examples of these considerations include monitoring of personal vehicles, access to home security and controlled environment systems and access to medical devices and implants. At the back end, we handle crises that involve product recalls, governmental investigations and insurance coverage in the event these systems are breached or alleged to be defective. We collaborate with colleagues around the world to ensure that each client is receiving sound advice based on a multidisciplinary and multijurisdictional approach, and we are ever mindful of the need to protect reputations.

(7)

London Luxembourg Madrid Manchester Milan Moscow Munich Oslo Paris Prague Rome Sarajevo Sheffield St. Petersburg Stockholm Tbilisi Vienna Warsaw Zagreb AMERICAS AFRICA Auckland Bangkok Beijing Brisbane Canberra Hong Kong Jakarta Melbourne Perth Seoul Shanghai Singapore Sydney Tokyo Wellington ASIA PACIFIC Amsterdam Ankara Antwerp Berlin Birmingham Bratislava Brussels Bucharest Budapest Cologne Copenhagen Dublin Edinburgh Frankfurt Hamburg Istanbul Kyiv Leeds Lisbon Liverpool EUROPE Abu Dhabi Doha Dubai Kuwait City Manama Muscat Riyadh MIDDLE EAST DLA PIPER RELATIONSHIP FIRMS Addis Ababa Accra Algiers Bujumbura Cairo Cape Town Dar es Salaam Johannesburg Gaborone Kampala Kigali Lusaka Maputo Mwanza Nairobi Port Louis Windhoek Northern Virginia Philadelphia Phoenix Raleigh Sacramento San Diego San Francisco São Paulo Seattle Short Hills Silicon Valley Tampa Toronto Vancouver Washington, DC Whitehorse Wilmington Yellowknife Albany Atlanta Atlantic City Austin Baltimore Boston Calgary Caracas Chicago Dallas Edmonton Houston Los Angeles Mexico City Miami Minneapolis Montreal New York

(8)

www.dlapiper.com

ABOUT US

DLA Piper is a global law firm with lawyers across the Americas, Asia Pacific, Europe and the Middle East. From the quality of our legal advice and business insight to the efficiency of our legal teams, we believe that when it comes to the way we serve and interact with our clients, everything matters.

FOR MORE INFORMATION

To learn more about DLA Piper, visit www.dlapiper.com or contact Jim Halpert T +1 202 799 4441 [email protected] Vinny Sanchez T +1 312 368 3420 [email protected]

References

Download now ( PDF - 8 Page - 0.97 MB )

Related documents

U.S. Direct Investment Abroad

parents and majority-owned foreign affili- ates, the 1999 benchmark survey collected data on sales (or gross operating revenues) that are disaggregated into goods, services,

Human Resource Consultancy and Organizational Growth: Exploring the Relationship. A.K.M. Mominul Haque Talukder ABSTRACT

Although there can be number of factors triggering the growth of organization, the present study deemed only six independent variables: HR development, HR policies, HR

The legal methodology of the Salafi movement in Egypt

organize politically has also been utilized by Salafis, with a number of groups promoting Salafi presidential candidates, 98 defending the reputations of prominent Salafi speakers,

Occipital GABA correlates with cognitive failures in daily life.

We further found that grey matter volume in the left superior parietal lobule (SPL) correlated with cognitive failures independently from the impact of occipital GABA and

We are here to help. Strategy + Design

We can help amplify your voice by translating your brand to an infinite array of print, digital, and video campaigns that can grow with you and remain authentic in a multitude

Obesity and normal birth: A qualitative study of clinician’s management of obese pregnant women during labour

The need to promote normal birth for obese women, including antenatal education, the promotion of mobility and the need to minimise the risk of caesarean section and the challenges

Backpacker tourism: an analysis of travel motivation

 Future research on the South African backpacker industry should recognise the social order of backpacking such as the changing identities of backpackers, the activities

AMEN Frank.ticheli

Composed by Frank Ticheli Composed by Frank Ticheli.