Growing questions over cybersecurity have inspired an international firm to set up a dedicated hotline for clients.
London-headquartered Herbert Smith Freehills announced yesterday that its new cybersecurity service will enable clients to receive advice on issues simultaneously across multiple jurisdictions wherever they may arise.
Andrew Moir, head of the firm’s global cybersecurity practice, told the Gazette that many clients were now ‘trying to get on top’ of their legal issues around cybersecurity.
‘We wanted to give them a medium through which they can ask questions as they arise… without having to set up a retainer each time,’ he added.
Moir said the firm was receiving queries on a spectrum of issues which were not necessarily big enough to warrant the firm to be instructed on an individual retainer.
‘One client was in the process of setting up different information handling guidelines, and had a quick question around how they should categorise different sorts of information,’ Moir recalled.
‘Other clients have experienced relatively small cybersecurity incidents and needed some guidance. For example, someone might have sent an email with a confidential document to the wrong person.’
Moir identified several reasons why cybersecurity has become a growing area of concern for businesses.
‘Each time you open the papers, there is some cybersecurity incident that has happened. This is prompting clients that haven’t worried about cybersecurity in the past to start thinking about it,’ he said.
Clients have become aware of cybersecurity from a regulatory and compliance perspective as a result of significant fines coming through from regulators.
The regulatory framework is also getting tougher, Moir said.
Penalties for data breaches are likely to be greater once a new EU General Data Protection Regulation comes into force in 2018. The regulation will replace all data protection legislation in EU member states, including the UK’s Data Protection Act, without the need for further national legislation.
Moir said the UK’s position will be influenced by Britain’s decision to leave the EU. However, the regulation will be in force before Brexit occurs.
Although higher penalties are coming through for data breaches, Moir said many of the firm’s clients are more worried about the wider commercial risks to their business that cybersecurity poses, such as business interruption and reputational damage.
‘We also get different questions from clients depending on the industry sector,’ he added.
‘For e-commerce, breaches of customer data are often a concern. But for a company operating a power station, factory or mine, securing critical infrastructure – and the legal issues that arise if it is compromised – are going to be key issues.’