A general counsel organisation has alerted its members to the issues around cybersecurity and what they need to know as the issue becomes one which is increasingly important for organisations. The GC100 Cyber security law and practice report advises its members, general counsel in FTSE 100 companies, how to deal with the  legal concerns raised by cyber breaches. 

Becoming 'cyber secure'

The first step is to become 'cyber secure' as companies may have primary legal duties to be 'cyber secure'. The report cites Data Protection law or  the tort of negligence as areas to note in this regard.  Secondary legal duties may also require a state of cyber security - equitable duties of confidence can be accompanied by parallel legal duties for security through the tort of negligence.  Other areas which this applies to include contract law, either expressly or by implication, where it may be a condition of doing business, or being qualified to participate in bids and competitive tenders.The report also warned that achieving an appropriate state of cyber security may require measures that interfere with other legal rights with employee monitoring and vetting may interfere with the right to privacy given as examples. 

Understanding the legal framework

The GC100 guide advises legal departments that they must understand the local and international legal framework. The should also apply best practice cyber security standards and ask a series of listed critical questions, internally and with external suppliers, including external law firms. It also advised legal departments to build a defensive shield against regulatory action and litigation.