October 21, 2016
Latham & Watkins recently convened senior executives from more than 140 corporate and financial institutions for a seminar to discuss preparing for and managing risk in response to a cyber-security breach. Co-hosted with the Dubai International Financial authority (DIFC), and in conjunction with HSBC Middle East Limited and DarkMatter, the high profile event featured a number of presentations from key industry experts followed by a panel discussion.
Latham partner Andrew Moyle chaired the discussions and was joined by fellow partner Gail Crawford and associate Brian Meenagh; Stephen Brennan, Senior Vice President of Cyber Network Defense at DarkMatter; Jacques Visser, Chief Legal Officer and Commissioner of Data Protection at the DIFC; and Shamim Al Jabiry, Senior Legal Counsel, Digital & Data Privacy at HSBC Bank Middle East Limited.
Topics covered include:
- The legal risks associated with responding to a cyber security breach, including common threats and the categories of legal risk that organizations are exposed to.
- Best practice for managing cyber incidents and the impact that planning and preparation can have on mitigating the outcome of a breach.
- Regulatory compliance obligations at the DIFC in the event of a security breach, including the obligations of data controllers under the DIFC Data Protection Law.
Crawford said: “Hacking of organisations’ systems is becoming increasingly commonplace, regardless of the advancements in security practices. To mitigate risk , companies must have enterprise-level, cross function incident response plan that is rehearsed and practiced, to prevent delays and mistakes, to minimize conflicts of interest and ensure regulatory, legal and contractual reporting requirements are met."
“Today you must accept that your systems will, at some point, be breached, so having workable plans in place to address that inevitability should be an absolute given for all organisations.” added Moyle.
“Organizations in the Middle East need to be conscious of specific regional challenges when it comes to preparing for a data breach. Among other things there is a complex regulatory, law enforcement and notification regime and the cyber-insurance market here is less developed than in the US and Europe.” said Meenagh.