General counsel to take on added responsibility
With cyber crime and data security becoming prominent concerns in every organisation, the role of general counsel is set to expand, requiring them to hone their skills in combating IT threats.
To continue reading the rest of this article, please log in.
Create a free account to get unlimited news articles and more!
Originally published in Corporate Counsel, David Remnitz from Ernst & Young’s global forensic technology and discovery services practice and Timothy Ryan, an Ernst & Young principal in cyber investigations and forensic technology, said general counsel are increasingly becoming the “go-to” people for handling matters arising from data breaches.
“We are seeing chief legal officers and GCs involved as the nucleus, including the chief information officer, the chief risk officer in some instances, often a chief information security officer, and all the way up to the board of directors, along with outside counsel,” Mr Remnitz said.
“In breach response, like any action that carries the possibility of litigation, general counsel better be involved,” added Mr Ryan.
“I frequently say that you can either work on preparing for a breach or you can wait for one to happen, but on breach day you will be enmeshed. Unlike the old days, there is no way that a GC cannot be involved in a breach response,” he said.
Commenting on current trends in cyber security, Mr Ryan said Ernst & Young is seeing an increased awareness of “insider threats”.
“[These are] risks brought by employees, contractors and trusted partners who are misusing information or taking information through inappropriate means for inappropriate purpose,” he said.
“And we are seeing increased hacking by external groups: defacing or disabling public websites, or stealing information of value, such as medical records, intellectual property information and financial data.”
Mr Ryan noted that the company is also seeing larger breaches coming off the back of smaller, unmitigated incidents.
“There are often a series of small steps that go back months or years when the company saw something that needed fixing and it didn't get fixed,” he said.
“Regulators are constantly looking at how companies prepare for a breach.
“A breach alone is not a scarlet letter [to regulators], but failing to prepare for one is. And we're seeing that board members are increasingly concerned about not only risk to the company but also personal liability.”
Emma Musgrave
Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.
Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.
Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.
She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University.
Email Emma on: