Cybersecurity and related cyberlitigation issues continue to emerge and become top of mind for businesses. The frequency of cybersecurity attacks is startling. Research conducted in 2012 by the International Cyber Security Protection Alliance (ICSPA), which can be found here revealed that 69% of Canadian businesses had experienced some type of attack within a 12-month period. Twenty-six percent of those affected reported “considerable” impact on their businesses in terms of financial and reputational damage.
As has been stated by Mike Rogers (US Intelligence Committee Chairman): “There are two kinds of companies. Those that have been hacked and those that have been hacked but don’t know it yet”.
Steps are now being taken by regulators and businesses to bring awareness to these issues:
- In 2014, the Securities Exchange Commission (SEC) held a roundtable discussion on the topic of cybersecurity, where it was noted according to speaker Mary Jo White that cyber threats are first on the division of intelligence’s list of global threats, even surpassing terrorism. A copy of Ms. White’s statement opening the roundtable is found here.
- In 2015, the SEC identified “the cybersecurity of registered investment companies and registered investment advisers as an important issue” and provided updated guidance in reducing cybersecurity risks. The SEC’s interim guidance can be found here.
- In April 2015, the Cybersecurity Unit (Computer Crime & Intellectual Property Section Criminal Division) of the U.S. Department of Justice, published “Best Practices for Victim Response and Reporting of Cyber Incidents”, which can be found here.
The Canadian oil and gas industry, perhaps more than other industries, is also vulnerable to cyber threats and attack. The industry has acknowledged this: in January 2015 the Cyber Security for Oil and Gas Summit Canada was held in Calgary. A review of the agenda for that summit (found here) reflects a focus on critical technical matters as part of the management of the risk of cyberattacks.
BLG has also responded to new cybersecurity and cyberlitigation issues. In our view, businesses need to develop programs to increase cybersecurity measures and mitigate risk of breach, but must also be prepared to respond to attacks and remediate the effect of those attacks. All of these aspects of cybersecurity and cyberlitigation give rise to complex legal issues.
A copy of our brochure highlighting our cybersecurity and cyberlitigation practice is found here.