
Cyber Security

Cyber attacks cannot be avoided! Do you have a communications plan and cyber attack incident response plan for this eventuality? Do they take account of the type of cyber attack and the different stakeholders?

Cyber attacks are unavoidable and there is usually no defence against them – statistics reveal that there are about 80 to 90 million cyber attacks per year worldwide, and two thirds of German companies have already been a target or victim of cyber attacks. With Industry 4.0, the Internet of Things (IoT), big data/data lakes, autonomous driving and smart homes/devices on the rise, the risk of cyber attacks will further increase in the future (about 400 new threats per minute are being released worldwide). In addition to breaches of law and reputational risks, cyber attacks and data incidents in particular cause financial losses. According to current statistics, the average cost of an individual data incident in Germany was EUR 3.42 million in 2017.

If a cyber attack is detected at all, the affected company immediately needs to communicate with its stakeholders. The first 30 minutes are crucial. Communication must be at Twitter speed. At the same time, legal notification duties towards authorities, customers, employees and the public/stakeholders must also be met. Under the General Data Protection Regulation, any personal data breach must be notified to the competent supervisory authority without undue delay but not later than 72 hours after it was identified. The fine that could be payable in case of delayed or inaccurate notification is up to EUR 10 million or 2% of consolidated worldwide turnover.

Your challenges

Data is critically important for companies, which is why protection from unauthorised access by both external third parties and the company's own employees is vital. In order to ensure effective data protection management and cyber security, companies must know their respective stakeholders in terms of data protection. In addition to employees and their representative bodies, customers or users as well as suppliers/business partners, stakeholders may also include creditors/capital markets, investors, supervisory/regulatory authorities (e.g. Data Protection Authority, BSI, German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht; BaFin)) or the press/media. These stakeholders and their expectations must be taken into account when structuring the relevant processes and communications (both internally and externally). Contract positions must be secured, and trust must be maintained or rebuilt. So who communicates with whom and when? In this context, it is essential to implement organisational safeguards in order to protect data from unauthorised access, in addition to preventing the loss of data by technical means. A holistic approach has proven successful in this regard, comprising both repressive and preventive action. Any company lacking an integrated Data Incident Response Communication Plan (DIRCP) will have no real chance of success.

Our expertise

Allen & Overy and Hering Schuppener have created an integrated advisory tool that offers legal and communications advice regarding cyber attacks from a single source. We would be glad to support you both in implementing preventive measures and if you have fallen victim to an attack. Your advantage: cooperation that is unique in the market between leading legal and communications firms – you will benefit from just one interface for an entire range of expertise.

Scope of services
  1. Prevention: Developing strategic and legal communications plans to prepare for unavoidable cyber attacks
  2. In case of attack: Legal and strategic advice in response to a cyber attack
  3. Consequences: Managing crisis communication and the additional measures to be taken after a cyber attack



Crisis Management - Cybercrime

Cybercrime – criminal activities that exploit electronic infrastructures – is one of the greatest threats faced by companies in the digital age. Both the number of attempted attacks and the level of professionalism employed by the perpetrators have been on the rise for years. Attacks are thus occurring more often while also becoming more complex. Cases of cybercrime are to be viewed as corporate crises requiring a fast and legally sound response. We can offer our experience in the relevant legal fields, combined with our contacts at the competent authorities and other service providers. Be it prevention or response, cybercrime requires your attention. We would be happy to advise you – please don’t hesitate to contact us.

Digital maturity

Digital maturity, built on the IT cornerstones of cloud, mobile, social and big data is affecting all industries.

Our integrated, multidisciplinary teams are available to help clients smooth the path for digital projects.