In-house legal teams need to stay on top of cybersecurity

A recent cyber attack on the NZX shows that companies should make sure they’re not vulnerable

In-house legal teams need to stay on top of cybersecurity

In-house legal teams need to ensure they’re staying on top of cybersecurity, particularly following a recent cyber attack on the NZX, a national firm said.

Over a four-day period as August came to a close, the stock exchange was rocked by volumetric distributed denial of service (DDoS) attacks that hit its websites and markets announcement platform. As a result, trading activity was grounded in a number of important markets.

“Not only has this led to serious concerns regarding NZX’s resilience, its vulnerability to cyber-risks and its reliance on [network service provider] Spark, it is also bringing into sharp focus the need for enterprises of all shapes and sizes to examine their internal processes around cyber-risk,” national firm Anderson Lloyd said in a blog post.

The firm said that historically, major cyber attacks have targeted “the critical IT infrastructure of financial institutions, presumably in part because they have the deepest pockets.” Research conducted by the Reserve Bank earlier this year estimated that cyber attacks could cost the banking and insurance sectors up to $134m per year.

With COVID-19 driving the implementation of less secure remote work setups, companies, including most SMEs, are now more vulnerable than ever to cyber criminals. This is where chief legal officers should come in.

As discussed on Canadian Lawyer, the Association of Corporate Counsel (ACC) recently found that most chief legal officers contributed significantly to their companies’ cybersecurity strategies. Vice president and chief legal officer Susanna McDonald said that cybersecurity responsibility is not one that should be shunted to IT departments, as “legal oversight leads to risk-based compliance and really coincides with the rise of cybersecurity policies.”

“There are not too many companies that don’t have access to employee and customer data so organisations must protect that data, and regulatory schemes are growing and increasingly involving in-house counsel in order to be able to stay on top of that,” she said.

The ACC study showed that over the past couple of years, there has been an increase in the percentage of organisations worldwide appointing in-house lawyers who focus specifically on cybersecurity. This was accompanied by an uptick in the percentage of organisations establishing cybersecurity response teams.

“Cybersecurity is a risk and compliance issue, so it’s really in the wheelhouse of in-house counsel. The most common questions that general counsel get from their boards are about cybersecurity risk and compliance, so if your board is asking these questions, you need to be able to effectively answer them,” McDonald said.