28 May 2020
Your organization may be equipped to deal with cybersecurity crises in-house, but recent data suggests that now more than ever, it’s more likely to end up in the courtroom. Global law firm Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey found that in speaking to corporate counsel about the latest developments in common legal disputes, 44% believed cybersecurity and data protection would be an increasingly popular source of dispute in the next few years. And this isn’t a new revelation: the survey’s 2017 and 2018 editions also marked a projected rise in concerns over cybersecurity and data protection. In 2019, this increase was more evident than ever, with a sudden jump in the number of disputes concerning issues of data privacy. In a changing, progressively digitized world, it follows that questions of security and privacy on the electronic frontier would find their way into the courts. But exponential progress also means exponential risk, and from 2018 to 2019, double the amount of in-house counsel rated cybersecurity and data privacy as the most important litigation issue in Norton Rose Fulbright’s survey.
A Wider WorldTechnological innovation is always expanding our world, just as it continues to expand the breadth of risk for organizations online. The survey’s respondents cited a rise in the volume of threats, increasingly creative threat actors, and highly sensitive data as key factors in mounting legal concerns over cybersecurity. Additionally, as organizations face rapid growth, the volume of consumer data becomes more prominent, and even more vulnerable to large-scale attacks that can have legal repercussions. And the financial toll of these incidents is not to be taken lightly—companies whose in-house counsel took part in the 2019 survey spent $1.5 million on average on disputes from that year. But how to stem this level of risk? Researchers advise assessing cybersecurity and data protection measures. More than 80% of companies involved in the survey conduct these assessments, which are found to significantly reduce the risk of major cybersecurity incidents and, by extension, issues of litigation.
Making It CountAs devoted readers of this blog know well, cutting off malicious actors at the source is a tried-and-true solution to the ever-mounting risks of cybersecurity. With the added obstacle of legal action, it may be more important than ever to ensure your organization is ready to address its vulnerabilities. Our Red Team Assessment utilizes a combination of tailored Red Team objectives, real-world scenarios, and industry experience and expertise to strengthen your organization’s infrastructure with meticulously constructed evaluations, including:
- Penetration Testing (internal and external)
- Social Engineering/Phishing Attacks (by phone, email, and in-person; we take this to the next level by attempting an actual breach of your network)
- Physical Access (perimeter sweep, building access, secure interior room access)
- Black Box (planting rogue remote-access devices in the production network)
- Secure Document Disposal (secure/common waste disposal, dumpster inspection)
- Wireless (forged authentication, encryption testing, device spoofing)