ARTICLE
31 May 2019

Cyber Crash Course For Directors And Officers

Bennett Jones LLP


Bennett Jones is one of Canada's premier business law firms and home to 500 lawyers and business advisors. With deep experience in complex transactions and litigation matters, the firm is well equipped to advise businesses and investors with Canadian ventures, and connect Canadian businesses and investors with opportunities around the world.
Canada Corporate/Commercial Law

We had a packed house for our Cyber Time: Crash Course for Directors and Officers event this week at the Bennett Jones Calgary office. The half-day session covered the cyber threats facing businesses today, litigation exposure from a cyber incident involving personal information or confidential business information, regulatory compliance obligations regarding the protection of personal information, and insurance solutions to mitigate certain risks associated with cyberattacks. Our panel of experts included Ruth Promislow and Michael Whitt of Bennett Jones, Jay Heidecker of Seekinto and Dan Lewis of Arthur J. Gallagher Canada Limited.

The consistent theme across all of the presentations was the need to be proactive, rather than simply reactive. Being proactive makes good business sense because it can reduce the costs incurred in responding to an attack. It can also reduce litigation risk exposure from an attack or from the response to the breach. Additionally, regulatory obligations require a proactive approach. Cyber insurance can be a key component in reducing risk exposure. However, it does not cover all forms of risk, and it does not replace the need (and obligation) to address risks and vulnerabilities before an attack.

The key questions identified for directors and officers to ask included the following:

  • What information do we have?
  • What is the sensitivity of this information?
  • How is the information stored?
  • What information do we retain and what do we dispose of?
  • What safeguards are in place to protect the information?
  • What is the likelihood of damage occurring and the potential severity?
  • What jurisdictions are we potentially subject to?
  • Are we in compliance with regulatory obligations?
  • Have we protected ourselves against third-party risks?
  • Do we have a breach response plan?
  • Have we tested our breach response plan?
  • Are we confident that in the face of an incident, we can avoid creating a paper trail that could be used against us?
  • Who do we have on speed dial in the event of a breach?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
