What is cybersecurity?

​

Cybersecurity refers to the measures taken to protect data, systems and services against cyber threats. It is an essential part of business continuity and risk management and applies to all organisations, regardless of industry, although certain sectors are subject to specific cybersecurity regulation. For example, the NIS2 Directive and DORA impose sector-specific cybersecurity requirements.

​

Why is cybersecurity important?

​

The consequences of security breaches can be severe: financial losses, reputational damage and even interruption of business operations. Proactive cybersecurity helps prevent threats and ensures the company complies with both statutory and contractual obligations. Cybersecurity requires proactive preparedness, continuous staff training and addressing identified vulnerabilities. With small everyday actions and the right level of seriousness, every company can improve its cybersecurity posture.

​

How do we help with cybersecurity issues?

Cybersecurity is often considered the domain of IT and security departments. However, increasing regulation has made cybersecurity its own area of law, meaning lawyers play a significant role in solving cybersecurity challenges across organisations.

Cybersecurity involves extensive regulation, responsibilities and risks. We help interpret the regulation and address liability issues.

 

Legal thinking supports risk identification and management. We help organisations identify their statutory cybersecurity obligations (e.g., GDPR, the NIS2 Directive, national cybersecurity requirements) and support compliance by working closely on the development of security practices, processes and product development.

 

We assist in drafting and reviewing IT and other security-related service agreements to ensure that security obligations are properly addressed. We also support risk assessment and management by helping clients understand the legal risks associated with cybersecurity, including potential business impacts of cyberattacks. We help prepare clear internal guidelines and incident-response plans.

​

We can also provide support when a security incident has already occurred. We advise on fulfilling notification obligations towards authorities and customers. Listed companies may also be required to publish a stock exchange release regarding a cybersecurity breach under securities market legislation and stock exchange rules. Our services cover advice to listed companies on communications obligations as well.

​