cyberattacks. Hackers steal confidential
information and ransomware shuts down
companies, hospitals and governments.
Since company computer systems
are increasingly connected to the
Internet (online stores) and also rely on
Information Communication Technology
(ICT) for internal processes, they are not
just more vulnerable to attacks, but the
impact of such attacks is higher. Orders
cannot be processed, documents cannot
be accessed, (manufacturing) processes
are interrupted, and client data is made
fines. Obviously, you can prevent that
by taking IT measures. Less obvious,
but still as important, is that you can
take preventive legal measures to reduce
the risk of an attack, limit the potential
consequences of a hack and invest in your
cybersecurity.
This article deals with concrete
preventive legal measures you, as
a director or supervisor, can take to
guarantee the safety of the company to
the greatest extent possible, and thereby
comply with your duty of care. A breach
of the duty of care may lead to directors'
liability.
highest level. In addition, there has to
be the required expertise. It has to be
discussed at management level what
kind of systems will be used and what
the risks involved in using them are.
This has consequences for the structure
of the organization, the management and
the company.
(CIO) is a good way to acquire digital
knowledge, centralize it and use it
effectively. Many large and medium-
sized companies have CIOs as the ICT
has no longer only a supportive role but
is leading in all company processes. The
CIO is a member of the management and
has the ultimate responsibility for the ICT
policy of the entire organization. This is
necessary for the company and will reduce
the risk that the company and director
relating to cybersecurity.
Maybe your company is too small
to employ a CIO. This does not change
anything regarding the distribution of
responsibility. The management or board
of directors will be ultimately responsible
for cybersecurity and the application of
privacy regulations and will therefore have
to make sure to possess the competence
required in this field.
executive directors, make sure to consider
people who are familiar with digital risks
so that they will be able to exercise their
supervisory and advisory role sufficiently.
After all, it is their task to advise the
management board on digital security
and to control the processes within the
company in this respect too. In addition,
the supervisors can benefit from this
knowledge as they could be liable in case
of insufficient supervision.
the development of a new product or
service, such as a new app, in a separate
legal entity, whether or not with a separate
ICT network. If matters turn out to be
undesirable, the consequences for the
remaining company will be limited.
accidentally, by human errors. All people
involved in the company, employees
but also contractors and agency
workers, therefore have to be aware of
the importance of cybersecurity. This
is called security awareness. Security
of the Dutch law firm Russell Advocaten B.V.
He is an experienced lawyer who serves as
outside corporate counsel for both domestic and
foreign businesses in the retail and IT sectors. He
deals with business formation and reorganization,
corporate governance, employment issues, real
estate and all aspects of liability and contract law.
Reimersbeek 2
1082 AG Amsterdam
Netherlands
russell.nl