In-house lawyers should play a central role in safeguarding digital defences and mitigating the effect of breaches. Dottie Schindlinger, vice president and governance technology evangelist at Diligence Corporation in New York told a conference that directors should understand that cyber security is more than just an issue for the IT department.

Prepare

She said that corporate counsel should work on the basis that their company will experience a data breach and carry out an audit of their security strategy and test it annually. “It's not an ‘if’, it's a ‘when’. Just assume it's going to happen and prepare and get all your ducks in a row,” Layers Weekly reported.

Competing duties

Schindlinger told the Governance Institute National Conference in Melbourne that it could be nine months before any breach was discovered and some time before the full scope of it is understood. In the meantime corporate counsel have to balance the competing requirements of managing communications with customers whose data may have been compromised, working with law enforcement agencies who may be putting pressure on them not to disclose the fact of the breach while they investigate it, and the regulatory requirements to report it. “So you’re very much in the middle, you’re pinched,” she said.