cyberattacks. Hackers steal confidential information and ransomware shuts down companies, hospitals and governments. Since company computer systems are increasingly connected to the Internet (online stores) and also rely on Information Communication Technology (ICT) for internal processes, they are not just more vulnerable to attacks, but the impact of such attacks is higher. Orders cannot be processed, documents cannot be accessed, (manufacturing) processes are interrupted, and client data is made fines. Obviously, you can prevent that by taking IT measures. Less obvious, but still as important, is that you can take preventive legal measures to reduce the risk of an attack, limit the potential consequences of a hack and invest in your cybersecurity. This article deals with concrete preventive legal measures you, as a director or supervisor, can take to guarantee the safety of the company to the greatest extent possible, and thereby comply with your duty of care. A breach of the duty of care may lead to directors' liability. highest level. In addition, there has to be the required expertise. It has to be discussed at management level what kind of systems will be used and what the risks involved in using them are. This has consequences for the structure of the organization, the management and the company. (CIO) is a good way to acquire digital knowledge, centralize it and use it effectively. Many large and medium- sized companies have CIOs as the ICT has no longer only a supportive role but is leading in all company processes. The CIO is a member of the management and has the ultimate responsibility for the ICT policy of the entire organization. This is necessary for the company and will reduce the risk that the company and director relating to cybersecurity. Maybe your company is too small to employ a CIO. This does not change anything regarding the distribution of responsibility. The management or board of directors will be ultimately responsible for cybersecurity and the application of privacy regulations and will therefore have to make sure to possess the competence required in this field. executive directors, make sure to consider people who are familiar with digital risks so that they will be able to exercise their supervisory and advisory role sufficiently. After all, it is their task to advise the management board on digital security and to control the processes within the company in this respect too. In addition, the supervisors can benefit from this knowledge as they could be liable in case of insufficient supervision. the development of a new product or service, such as a new app, in a separate legal entity, whether or not with a separate ICT network. If matters turn out to be undesirable, the consequences for the remaining company will be limited. accidentally, by human errors. All people involved in the company, employees but also contractors and agency workers, therefore have to be aware of the importance of cybersecurity. This is called security awareness. Security of the Dutch law firm Russell Advocaten B.V. He is an experienced lawyer who serves as outside corporate counsel for both domestic and foreign businesses in the retail and IT sectors. He deals with business formation and reorganization, corporate governance, employment issues, real estate and all aspects of liability and contract law. Reimersbeek 2 1082 AG Amsterdam Netherlands russell.nl |