A US security chief has urged in-house lawyers not to bury their heads in the sand when their employers are subject to cyber attacks. Robert Silvers (pictured above), under secretary of homeland security said too many general counsel suffered from an ‘ingrained, cultural risk aversion’ in the immediate aftermath of an attack.

Silvers told the International Bar Association conference in Miami that there was nothing to fear from seeking support from law enforcement agencies. ‘It is almost a risk to keep [an attack] in-house – that is the most misguided approach,’ he said. ‘The fact is that government agencies focusing on cyber security culturally have grown to treat victim companies as victims and can offer all sorts of support.’

He suggested that some legal advisers may assume that their employers would be in trouble if they admitted they had fallen victim to cyber criminals. The opposite was likely to be the case, with law enforcement agencies likely to ask why something appears to have been covered up.

‘There is no shame in having been hacked – there are two kinds of company, those who have been hacked and those who don’t know yet they have been hacked.’

Silvers urged lawyers working in corporations to be pro-active about seeking to combat cyber-crime, likening it to a footballer who tries to gain possession of the ball rather than wait for it to come to them.

Neither should lawyers be dissuaded from taking action by the self-perception that they might not understand cyber security or might not be as technologically savvy as others in the company.

‘A number of attorneys see [cyber security] as an issue coming to them which they then answer questions about [but they] now have a responsibility to be much more pro-active and be drivers of cyber security in their organisations,' he said. 

‘Attorneys are gatekeepers, they can go to a board or chief executive and say ‘we have to invest in a cyber security programme and do better... You are not there to build the firewall or deploy software across the organisation – you don’t need to be a technologist to read a report saying the company is way behind and to understand that.’