Our clients have been approaching us with increasing frequency in recent months for advice on cyber risk, and an appropriate legal and regulatory response to that risk. We have collated in this briefing the following commonly asked questions, together with some summary answers:
1. What level of cyber security does a company need?
2. Given recent cyber attacks, should a board be reviewing cyber risks?
3. Should every board have a cyber security expert?
4. Do organisations need internal and/or external experts, consultants and/or auditors to assess and
review cyber readiness?
5. Can a company benchmark what others are doing in this area?
6. If a cyber attack is suspected or happens, who needs to be informed?
7. If your company is the victim of a malicious cyber attack, would it still be held responsible
for the implications?
8. Is insurance against cyber security risk available?
9. What steps should companies be taking in relation to their suppliers?