Network Security and Privacy
The Role of Corporate Counsel
Lawyers advising corporate clients on sophisticated data security matters understand that breaches do occur and the stakes can be high. While proactive measures to mitigate risk can be costly and time-consuming, they are far less demanding than the consequences of a serious breach, which can require dealing with a seemingly endless list of critics, including the client’s General Counsel, the Board of Directors, the SEC, the FTC, prosecutors, politicians, customers, patients, students, aggrieved employees, shareholders, plaintiffs’ class-action lawyers, the media, and the public. Moreover, having a robust, well-documented program to monitor security matters may provide favorable evidence of the company’s efforts, thus reducing liability should an incident occur. A network security and privacy risk mitigation program should start with the following: 26

• Identify, classify and quantify the use of information assets & electronic methodologies, including reliance on third party outsourced service providers

• Implement risk management best practices, such as IT security, corporate policies & procedures and contractual allocation of liability

• Train and monitor employees, subcontractors, parties and others regarding such best practices

• Model the range of potential frequency and severity of losses from network security and privacy incidents for your unique industry and entity specific circumstances

• Determine the entity’s risk appetite to retain, mitigate and transfer network security and privacy exposures compared to the entity’s overall enterprise risk management

• Analyze existing insurance policies for possible partial network security and privacy exposures coverage

• Consider customized network security and privacy insurance to stabilize the entity’s financial statements and mitigate the risk of breach of fiduciary of management and the board of directors
[Figure: Network Security and Privacy Liability Discovery Process. Exposure analysis across four risk areas: Vendor / Contractual Risk, Technology Risk, Security & Privacy Risk, and Media / IP Risk. Items shown: New Products and/or Services; Procurement Process; Vendor Diligence; Quality Controls; Limitation of Liability; Employee Training; Contract Management; Cloud; Dispute Resolution; Content Development Clearance; Data Risks; Privacy Policy; Security Controls; Intellectual Property Review; Data Breach Response Plan.]
27 Cybersecurity: The Corporate Counsel’s Agenda: http://www.hoganlovells.com/custom/eDocs/Cybersecurity%20Advisory_Pearson_11152012.pdf
Aon Risk Solutions | Cyber Insurance 7