The Government’s Draft National Risk Assessment 2015 names cyber-security as one of the potential risks for Ireland in 2015. Cyber-security is not ‘just an IT issue’. It is a business critical issue that cannot be ignored and should be viewed as part of an organisation’s overall risk management strategy. Regulators, particularly in the financial services industry, are increasingly asking whether organisations are ‘cyber-attack’ ready. The Central Bank recently commenced cyber-security inspections as part of its enforcement priorities for 2015. Organisations subject to inspection will face questions about their cyber-security risk assessment, business continuity plan, insurance, network controls and so on.
A key part in any cyber-security strategy is understanding the legal implications of a cyber-security breach. There is the obvious cost in terms of reputational damage and business disruption, but there is also the cost of exposure to litigation. The tips set out below will help reduce litigation risk and minimise the value of any potential claims.