How your incident response plan can prevent litigation following a cyber-attack: Blakes lawyer

In-house counsel play vital role in responding to incidents

How your incident response plan can prevent litigation following a cyber-attack: Blakes lawyer
Nicole Henderson

As cyber threats continue to evolve amid the pandemic crisis, organizations are increasingly vulnerable. The best defence from litigation following a cyber-attack is the implementation of a comprehensive and realistic incident response plan that is easy to access, according to Nicole Henderson, litigation partner at Blake, Cassels & Graydon LLP.

“This is important, not only to deal with the immediate fallout of a cyber incident, but we’ve also seen some cases in litigation where courts have commented favourably on an organization’s effective response to an incident,” says Henderson. Even in cases where the incident response plan is not central to legal liability issues, it can help to mitigate risk, she says.

Litigation and class actions can arise where cyber-attacks lead to the unauthorized use of the personal information of customers, clients and other stakeholders.

“It’s not just the large hacking incidents that you see on the news that are potentially going to cause litigation and class actions,” says Henderson. “I’ve been involved in class actions that involved criminal cyber-attacks by third parties, but there’s also the type that involves a rogue employee who has solen data from the employer.”

Henderson also urges in-house counsel to circulate within their organizations the idea that a cyber incident really is a legal incident and not just an IT security issue. It is essential that in-house counsel are involved in the incident response team immediately following an attack.

“We’ve seen incidents where a well-intentioned IT security group have been handling a breach on their own for days or even weeks before in-house counsel are made aware of it,” says Henderson. “That can really be a lost opportunity to mitigate risk and also to ensure that the organization is complying with all relevant regulatory requirements, reporting requirements and so forth.”

The COVID-19 pandemic has given rise to an increased prevalence of phishing emails purporting to be from reputable organizations offering medical advice, or providing information about vaccines. Such emails will ask the reader to click on a link that downloads malware or requests personal information. The shift to remote work has also created vulnerabilities as many organizations have not implemented multifactor authentication to access their systems.

In the post-pandemic landscape organizations will find more opportunities to be agile in terms of how they collect and use the data of customers, clients or other stakeholders, so in-house counsel must take corresponding steps to ensure that data is adequately protected, Henderson advises.

“An important thing for in-house counsel and others to be aware of is that cyber security really is to some extent a game of cat and mouse,” she says. “It’s important, even with all the resource strains that organizations of all sizes are facing during the pandemic, to be very much on top of IT security and to make it a priority because cyber criminals are constantly innovating and improving their techniques.”

Related stories

Free newsletter

The Canadian Legal Newswire is a FREE newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered on a regular basis, providing targeted news and information of interest to in-house counsel.

Please enter your email address below to subscribe.

Recent articles & video

Consent and capacity do not have to be considered separately in sexual assault cases: Supreme Court

IP lawyers using foreign associates need protection from fluctuating currency rates: Western Union

Mars Wrigley trademark lawsuits allege cannabinoid products look like its candies

New integrated court in Kelowna, B.C. aims to reduce recidivism

Legal tech company met COVID’s unprecedented challenges by adapting existing systems

Quebec tables most radical reform to its language laws

Most Read Articles

Award more than tripled on appeal for fired articling student at B.C. firm Acumen Law

Quebec tables most radical reform to its language laws

BLG’s acquisition of AUM Law will help it expand compliance services to investment management sector

Canadian Judicial Council releases handbooks for self-represented litigants