How your incident response plan can prevent litigation following a cyber-attack: Blakes lawyer

In-house counsel play vital role in responding to incidents

How your incident response plan can prevent litigation following a cyber-attack: Blakes lawyer
Nicole Henderson

As cyber threats continue to evolve amid the pandemic crisis, organizations are increasingly vulnerable. The best defence from litigation following a cyber-attack is the implementation of a comprehensive and realistic incident response plan that is easy to access, according to Nicole Henderson, litigation partner at Blake, Cassels & Graydon LLP.

“This is important, not only to deal with the immediate fallout of a cyber incident, but we’ve also seen some cases in litigation where courts have commented favourably on an organization’s effective response to an incident,” says Henderson. Even in cases where the incident response plan is not central to legal liability issues, it can help to mitigate risk, she says.

Litigation and class actions can arise where cyber-attacks lead to the unauthorized use of the personal information of customers, clients and other stakeholders.

“It’s not just the large hacking incidents that you see on the news that are potentially going to cause litigation and class actions,” says Henderson. “I’ve been involved in class actions that involved criminal cyber-attacks by third parties, but there’s also the type that involves a rogue employee who has solen data from the employer.”

Henderson also urges in-house counsel to circulate within their organizations the idea that a cyber incident really is a legal incident and not just an IT security issue. It is essential that in-house counsel are involved in the incident response team immediately following an attack.

“We’ve seen incidents where a well-intentioned IT security group have been handling a breach on their own for days or even weeks before in-house counsel are made aware of it,” says Henderson. “That can really be a lost opportunity to mitigate risk and also to ensure that the organization is complying with all relevant regulatory requirements, reporting requirements and so forth.”

The COVID-19 pandemic has given rise to an increased prevalence of phishing emails purporting to be from reputable organizations offering medical advice, or providing information about vaccines. Such emails will ask the reader to click on a link that downloads malware or requests personal information. The shift to remote work has also created vulnerabilities as many organizations have not implemented multifactor authentication to access their systems.

In the post-pandemic landscape organizations will find more opportunities to be agile in terms of how they collect and use the data of customers, clients or other stakeholders, so in-house counsel must take corresponding steps to ensure that data is adequately protected, Henderson advises.

“An important thing for in-house counsel and others to be aware of is that cyber security really is to some extent a game of cat and mouse,” she says. “It’s important, even with all the resource strains that organizations of all sizes are facing during the pandemic, to be very much on top of IT security and to make it a priority because cyber criminals are constantly innovating and improving their techniques.”

Recent articles & video

Voting is now open for Top Ontario Regional Law Firms

Ontario Superior Court upholds arbitrator's ruling overturning union rep's suspension for misconduct

Alberta court allows legal costs in family dispute to survive bankruptcy without preferred status

Ontario Superior Court orders man to vacate family property amid will dispute

PEI Supreme Court upholds misconduct ruling against nurse for aggressive behaviour at care facility

Ontario Superior Court orders Hamilton to pay prejudgment interest for years of flooding negligence

Most Read Articles

Ontario Superior Court refuses to remove estate trustees despite breach of fiduciary duties

Ontario Superior Court voids financial transfers for failing to rebut presumption of resulting trust

Legal industry managers expect pay for lawyers, other industry professionals to rise: report

Alberta Court of King’s Bench dismisses habeas corpus application in child custody dispute