Top firm says cybersecurity risk procedures now a must

Not taking action means exposure to very real legal consequences in the next 18 months

Top firm says cybersecurity risk procedures now a must
Businesses in New Zealand need to establish cybersecurity risk procedures lest they want to face very real legal consequences in the next year and a half, a top firm warns.

In its “2017 Litigation Forecast” report, MinterEllisonRuddWatts said that 2016 made businesses in the country realise the importance and sheer enormity of cybersecurity risks, with the topic being increasingly discussed by senior management teams.

It said that the current response to the issue is to adapt basic risk management strategies to cybersecurity, but that approach needs more room for improvement. The current business environment actually provides a unique opportunity for businesses to adapt world-class, or even world-leading, policies, it said, as the government is yet to ramp up enforcement in the field.

Part of the growing pressure to enhance cybersecurity and strengthen regulatory enforcement is how damaging it could be to the country. The firm said that in 2015, cybercrime cost the country’s economy $257m and affected 856,000 people.

The privacy commissioner had signified that regulatory activity will “heat up in the next 12-18 months,” the firm said. This means that organisations run could be exposed to legal consequences if they do not act.

“As well as reputational and financial consequences, there are very real legal consequences starting to take hold in the United Kingdom, Australia and United States. These are likely to be heading our way,” the top firm said.

Possible consequences include class actions by shareholders for possible breach of duties by directors and by customers for business negligence, breach of contract, and breach of data protection requirements. Financial regulators are also expected to launch actions against organisations that fail to disclose and protect against cybersecurity risks.

“We expect to see these types of enforcement actions emerge in New Zealand as the nature and extent of local breaches increase. Organisations preparing their cyber security risk management can add another good reason to the list of why it makes good business sense to get your cyber house in order and be ready to respond,” MinterEllisonRuddWatts said.

Before cyber breaches happen, organisations need to establish IT systems, manage employees, consider procurement and suppliers, assess risks, develop a crisis management plan, and consider insurance.

When hit, organisations should contain the breach, diagnose its severity, communicate to legal experts and other parties, and learn from the incident, the firm said.


Related stories:
50 offenders convicted under cyber-bullying law
Don’t fall for accountant email con, lawyers told

Free newsletter

Subscribe to our FREE newsletter service and we’ll keep you up-to-date with the latest breaking news, cutting edge opinion, and expert analysis affecting both your business and the industry as whole.

Please enter your email address below and click on Sign Up for daily newsletters from NZ Lawyer.

Recent articles & video

Nominations now open for NZ Law Awards 2020

COVID-19 and NZ courts updates: 3 June

Slater and Gordon UK looks to embrace the remote work setup after COVID-19

First female managing director takes the helm at AJ Park

Chapman Tripp advises on first capital raising to apply NZX relief

NZ Lawyer Employer of Choice 2020 entries close tonight

Most Read Articles

First female managing director takes the helm at AJ Park

Chapman Tripp advises on first capital raising to apply NZX relief

Parliamentary select committee to review COVID-19 legal framework

NZ Lawyer Employer of Choice 2020 entries close tonight