Cybercrime is rising. Estimates of losses from intellectual property and data theft range as high as $1 trillion.¹ Last year, a criminal hacker was sentenced to 20 years in prison for stealing more than 170 million credit and debit card numbers, making it the largest identity theft case the Department of Justice has ever prosecuted.²
With legal risks high, companies have to be diligent whenever a system is breached. Yet according to a recent report, the general counsel is often the last person to find out about a cybercrime.³
Cyberattacks aren’t just an information technology (IT) matter. Legal obligations, damages to the organization, and business relations with customers are all reasons that the general counsel must act promptly when a company’s systems have become compromised. This means acting after a breach is detected, not merely after data are actually stolen. Also, special rights exist for cybercrime victims if the victimized company initially investigates after a breach occurs. For instance, employers can obtain injunctive relief against former employees who improperly access a company’s digital information.
Facing cyberthreats doesn’t have to be daunting. Acting in a timely way and creating better communication avenues with IT staff can lessen the risks associated with compromised information systems. General counsel can become better equipped to deal with cybercrime by learning more about technology trends, by establishing an information security council, by developing a response plan that includes periodic testing and clear guidelines on how to respond and when, and by having a cyber forensic investigator on retainer.
There is no doubt that cyberattacks can be detrimental to a company and its reputation. But general counsel can play a pivotal role in protecting an organization if they are first—rather than last—on the cybercrime scene.