Businesses in New Zealand need to establish cybersecurity risk procedures lest they want to face very real legal consequences in the next year and a half, a top firm warns.
In its “2017 Litigation Forecast” report,
MinterEllisonRuddWatts said that 2016 made businesses in the country realise the importance and sheer enormity of cybersecurity risks, with the topic being increasingly discussed by senior management teams.
It said that the current response to the issue is to adapt basic risk management strategies to cybersecurity, but that approach needs more room for improvement. The current business environment actually provides a unique opportunity for businesses to adapt world-class, or even world-leading, policies, it said, as the government is yet to ramp up enforcement in the field.
Part of the growing pressure to enhance cybersecurity and strengthen regulatory enforcement is how damaging it could be to the country. The firm said that in 2015, cybercrime cost the country’s economy $257m and affected 856,000 people.
The privacy commissioner had signified that regulatory activity will “heat up in the next 12-18 months,” the firm said. This means that organisations run could be exposed to legal consequences if they do not act.
“As well as reputational and financial consequences, there are very real legal consequences starting to take hold in the United Kingdom, Australia and United States. These are likely to be heading our way,” the top firm said.
Possible consequences include class actions by shareholders for possible breach of duties by directors and by customers for business negligence, breach of contract, and breach of data protection requirements. Financial regulators are also expected to launch actions against organisations that fail to disclose and protect against cybersecurity risks.
“We expect to see these types of enforcement actions emerge in New Zealand as the nature and extent of local breaches increase. Organisations preparing their cyber security risk management can add another good reason to the list of why it makes good business sense to get your cyber house in order and be ready to respond,” MinterEllisonRuddWatts said.
Before cyber breaches happen, organisations need to establish IT systems, manage employees, consider procurement and suppliers, assess risks, develop a crisis management plan, and consider insurance.
When hit, organisations should contain the breach, diagnose its severity, communicate to legal experts and other parties, and learn from the incident, the firm said.
Related stories:
50 offenders convicted under cyber-bullying law
Don’t fall for accountant email con, lawyers told