Providing a guide to proactive cybersecurity risk management for global companies, Aimee Nolan, Vice President, Associate General Counsel and Chief IP Counsel at Grainger, Jason Smolanoff, Global Cyber Risk Practice Leader at Kroll and Orrick partner Tony Kim teamed up for this article for the Practice Law Institute’s PLI Current. Tony is a member of Orrick’s global Cyber, Privacy and Data Innovation Practice.
The article’s “Tips from the Trenches” identify seven actions lawyers can take to influence the management and mitigation of cyber risk at global companies. These range from “keeping good company” by diligently vetting third party service party providers and vendors to thoughtfully deploying legal privilege in the cyber risk context. The authors also stress the importance of ensuring boards are properly advised on cybersecurity obligations in corporate governance and that strong external communications procedures are in place to respond to cyber incidents.
“There is no “easy button” to push—but there are certainly some easy wins,” the article observes. “Cyber risk is constantly evolving, intensifying the enforcement risk that companies face from both regulators and private litigants. Of course, there is never enough time, enough money, or enough people to do everything. But prioritized, targeted work holds the best potential for mitigating cyber risk for the enterprise and its stakeholders.”