Cybersecurity has become one of the top governance issues facing
organizations today - and the number of cyber incidents is growing
at an alarming rate. In this episode of
the Continuity podcast, Blakes lawyers Sunny
Handa, Nicole Henderson, Alexandra Luchenko and Allison Sibthorpe
share the compelling results of our recent Canadian
Cybersecurity Trends Study, as well as important tips for
mitigating risks.
Table of Contents:
- Why a cybersecurity study (00:35)
- How to mitigate the risk of a breach (01:20)
- Industries most impacted by cyber-attacks (01:10)
- The nature of incidents and data targeted (01:00)
- Certification of privacy class actions (01:45)
- Liability of directors and officers (03:15)
Transcript
Mathieu: |
Hi, I'm Mathieu Rompre. |
Yula: |
And I'm Yula Economopoulos, and this is the Continuity Podcast. |
Mathieu: |
Since the beginning of this podcast series, we have covered a lot of ground on how the current pandemic has impacted businesses in Canada. |
Yula: |
And some threats, unfortunately, haven't slowed down at all during COVID. Like cybersecurity. It remains one of the top governance issues organizations are facing today. |
Mathieu: |
On today's podcast episode, we're joined by Sunny Handa, Nicole Henderson, Alexandra Luchenko and Allison Sibthorpe, lawyers in our Cybersecurity and Litigation groups. They will be talking to us about our latest cybersecurity study and what the results mean for businesses. |
[music]
Yula: |
Sunny, we're now into the second edition of the Blakes annual Canadian Cybersecurity Trend Study. What prompted us to start researching cyber incidents? |
Sunny: |
We noticed that our clients were experiencing breaches, and what we thought was this is starting to become more prevalent in the market. We wanted to get a better understanding of it. We wanted to make sure that we educated our clients. We found that creating these studies in other disciplines as well has proven very effective, so we started to look into it, and after a fair bit of hard work, we found that we were able to do something quite helpful. |
Yula: |
Now, the numbers from the study show that breaches are on the rise, particularly since COVID began. Is there anything our clients can do differently to mitigate the risks? |
Sunny: |
You can never guarantee that you won't be breached. That is
one thing that I think everyone who works in the cyber area knows
and understands. The breaches are going to happen. What you can do
is prepare yourself ahead of time, and that will help you mitigate
the risks. |
Mathieu: |
Allison, the study shows that some industries have been more impacted by cyber incidents then others. Can you tell us more about that? |
Allison: |
Basically, all industries are at risk of a cyber-attack. In my
experience, I've dealt with organizations from a variety of
different industries. I've assisted non-profits, schools,
professional-service firms, B2B manufacturers, amongst others. What
it comes down to is an organization is more at risk if they
don't have a good security posture. |
Mathieu: |
Tell me a little more about the nature of the incidents and the type of data that are most targeted? |
Allison: |
We've recently seen a huge rise in the number of ransomware
attacks. This is incredibly significant. |
Yula: |
Nicole, in last year's study, the team reported that plaintiffs were meeting with mixed success in having privacy class actions certified. Has that been the same over the past year? |
Nicole: |
Yes, very much in 2019 and carrying into the first part of 2021.
We've definitely seen a mixed bag again, certainly, some cases
being certified, but also again, courts denying certification in
cases, particularly where there seems to be an absence of
damages. |
Mathieu: |
Alex, should individual directors and officers be concerned about personal liability for cyber incidents? How much are they exposed? |
Alex: |
So, Mathieu, I wish I could tell you that there's absolutely
no cause for concern on the part of directors and officers, and the
news, honestly, isn't all that bad. |
Mathieu: |
When they call you, you must be able to sense how nervous they are about what's my exposure in this? |
Alexandra: |
I can't emphasize enough, Mathieu, how stressful a cyber
incident will be for an organization. And often times, it's the
organization's first foray into this type of crisis, and board
and management are often tasked with multiple different roles,
whether it be dealing with the media, responding to customers,
responding to various stakeholders, regulators, law enforcement,
etc. And so, it's an extremely taxing endeavour at an
organizational level. And so, your counsel's job is to optimize
your response from a number of different angles - mitigating
liability, ensuring remediation, litigation management - in this
inherently stressful situation. |
Mathieu: |
Sunny, Allison, Nicole and Alex, thank you for your valuable
insights and reminding us how important it is to be vigilant in a
cyber world. |
Yula: |
Until next time, stay well and stay safe! |
For permission to reprint articles, please contact the Blakes Marketing Department.
© 2020 Blake, Cassels & Graydon LLP.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.