In recent times there has been a marked shift in the perception of how to manage cyber-security. Organisations that are subject to a breach are no longer seen as “victims” of a hacking crime, but as delinquent actors that did not take proper steps to secure their assets.
We believe that cyber-security needs to break the mould of being thought of as just an issue for the IT team. It fundamentally requires a multi-disciplinary team. Internally within your organisation, cyber-security needs to involve IT, legal, risk, regulatory, PR and customer-facing operations. Externally, cyber-security may need to involve external lawyers, forensic teams and PR advisers.
Organisations need to have a plan for how they will respond to cyber-security incidents. The last thing an organisation wants to be doing in the face of a serious cyber-security incident is developing its approach and policy on the fly. Planning during a crisis only distracts from the task of dealing with the incident and creates confusion about who needs to be involved and who is empowered to make decisions that may affect your organisation’s reputation. APRA and ASIC-regulated entities are likely to already be under an obligation to have such plans in place as part of their required risk-management obligations.
Planning for and dealing with cyber security breaches requires a multi-disciplinary team with deep technology and data protection expertise:
- Privacy and data: our privacy and data team understands that privacy compliance does not start and end with the preparation of a privacy or cyber security policy, but that an organisation’s handling of personal information and sensitive data must reflect privacy and security-by-design.
- Regulatory: our regulatory and corporate teams are accustomed to dealing with regulators that have an interest in, and may need to be notified in relation to, cybersecurity issues, including the OAIC, ASIC and APRA.
- Litigation: our litigation group includes a dedicated team of over 25 lawyers who focus on protecting data and commercially sensitive information. Over the last decade we have run some of the country’s most high-profile disputes in relation to IP and commercially sensitive information, and routinely work with IT forensic providers to investigate and respond to cyber security breaches.
- Technology: we have one of the largest dedicated technology legal teams in Australia. Our team understands technology and risk, and works with our clients to focus on key issues in a complex and fast-moving technology landscape.