The International Institute for Conflict Prevention and Resolution, a New York-based organisation offering Alternative Dispute Resolution (ADR) services, has recently announced the launch of a new specialised panel of neutrals, commissioned to deal with cybersecurity disputes. The Cyber Panel is composed of experts in cyber-related areas such as data breaches and subsequent insurance claims. In a press release, Noah Hanft, President of CPR, described the new panel as guiding the “critical effort” by businesses to “prevent and/or resolve cyber-related disputes in a manner that best protects operations, customers and reputation” due to attacks now occurring with increased frequency and sophistication.
CPR’s decision to establish a specialist cyber panel addresses a perceived need for arbitrators and mediators with relevant expertise, given that data protection and security breaches are regarded as an increasingly common cause of technology, media, and telecommunications (TMT) disputes, and therefore a significant growth area for commercial dispute resolution. According to the 2016 International Dispute Resolution survey on TMT disputes conducted by the School of International Arbitration at Queen Mary University of London, respondents predicted a 191% increase in disputes related to data/system security breaches, the largest growth area identified by the survey. Despite the fact that only 9% of respondents had encountered such disputes over the last five years, 79% of respondents thought that they were either likely or very likely to arise over the next five years. The survey also suggested that data breaches are most often caused by employee action, followed by malicious third party attacks, with both being more common than breaches caused by system failures.
Given the significant reputational and financial damage that can result from a data security breach, it is crucial to resolve subsequent disputes through the use of a reliable procedure which is tailored to the wider commercial context. This is why TMT companies are increasingly often turning to international arbitration which, as the survey shows, was respondents’ preferred mechanism for resolving disputes in the sector. Compared to the 43% of respondents who expressed a preference for arbitration, only 15% chose court litigation as their most favoured option. However, at present, litigation remains the most used mechanism in practice, used in relation to 44% of TMT disputes over the last five years. In that regard, the authors of the survey add that many of these disputes arise from contracts which were concluded long before arbitration grew in popularity and consequently, they do not include an arbitration clause. If this is true, we are likely to witness a significant increase in the number of TMT arbitrations. Indeed, 82% of respondents believed that there was likely to be a general increase in TMT arbitrations.
In general, the survey suggests that TMT companies may require more confidence in international arbitration in order to make this theoretical preference a reality. One way in which this could be addressed is by increasing the number of arbitrators with specialist knowledge of the sector and the specific issues in dispute. This approach appears to correspond with the views of the respondents to the Queen Mary University of London survey, which identified the technical expertise of the decision maker as an important aspect when deciding on a dispute resolution mechanism, as well as decision makers. In light of this conclusion, it was a logical step for CPR, which already has a series of specialist panels in other areas, to appoint a specialised Cyber Panel which may appeal to parties faced with disputes relating from data security breaches. More generally, there seems to be a wide consensus that cybersecurity-related arbitration is going to be an area of future growth.