Noerr Litigation Day – Cybersecurity is the responsibility of the management
Companies must react fast and effectively to cyberattacks. “It is also important to secure evidence that can be used later in court proceedings,” said Dr Anke Meier, who together with Dr Oliver Sieg presented Noerr’s Litigation Day today. The two heads of Noerr’s Litigation Practice Group guided the audience through the programme, in which experts discussed the challenges posed by increasing cybercrime.
Malware with stolen intelligence service source code
Bert Weingarten, CEO of IT security firm PAN AMP AG, made it clear in his presentation that the threat to the German economy from cyberattacks was continuing to increase. “We are observing a higher attack quality by new kinds of malware which contains stolen source code of intelligence services,” Weingarten said. Also, according to a study by Noerr and EBS Law School (2018), 36 per cent of companies with over 1,000 employees had been affected by cybersecurity incidents in the two previous years. Forty-seven per cent of those surveyed thought the threat was continuing to increase.
In the view of Dr Daniel Rücker, head of Noerr’s Data Protection Practice Group, managing cyber risks is primarily a management task: “The security of data and IT is the responsibility of the management.” If it cannot guarantee this, the management is liable for the consequential damage from cyberattacks. In particular, an early analysis of specific threat scenarios was needed and an emergency plan in the event of an attack, including measures to secure evidence, he added.
Rapid response needed in a crisis
If an emergency occurs in the form of a cyberattack, effective crisis management is required. It is crucial for companies to immediately take all necessary measures to secure data and preserve evidence, to fulfil reporting obligations and to pursue claims for damages. “This calls for a customised emergency plan,” Oliver Sieg emphasised. Crisis management should be controlled by specialised experts like the lawyers from Noerr’s Incident Response Team. Sieg said, “Together with the experts, management can also consider whether investigating authorities should be involved as well.”
Cybersecurity also plays an increasingly important role in court proceedings and arbitration. This issue was discussed at a panel discussion facilitated by Dr Jennifer Bryant, litigation expert and associated partner in Noerr’s Düsseldorf office. The method long used in large-scale proceedings, for example using review platforms based on artificial intelligence, makes it easier to search and structure large data sets.
Arbitration institutions are driving digital conflict culture
“At the same time, the requirements placed on IT security are increasing,” said Lucie Gerhardt, litigation specialist and associated partner at Noerr’s Frankfurt office. She pointed out that the large arbitration institutions represent the gold standards in IT security. The arbitration institute of the Stockholm Chamber of Commerce (SCC) has recently started to rely fully on digital case management by means of an e-file which is administered on a platform. Participants can both exchange files and communicate via the platform. “Above all, this procedure helps substantially avoid using emails, i.e. the weakest link in the communication chain from a security perspective,” she added.
Lucy Holden, Senior Legal Counsel at Cosma Europe, looked into the future (of dispute resolution). She said that an important step forward would be automated conciliation for current business relations in the B2B sector. By using data accruing during business partners’ long-term collaboration, software algorithms could make decisions independently and thus solve problems rapidly and objectively.