Lawyers need to pre-empt the risks of cyber industrial espionage
With details emerging from New York of a $45m (£29.3m) bank heist by thieves who hacked into a database of prepaid debit cards and drained cash machines around the world, it isn’t just clients’ bank accounts that are under threat from cybercrime but also their intellectual property (IP) and confidential information.
The threat stems from a major element of cyber industrial espionage. IP lawyers need to ensure their clients are aware of the risk posed by hackers who are looking for high-value IP and confidential information.
- Patents: One of the most notable consequences of cyber-crime is the exposure of confidential information relating to a patentable innovation. This exposure prevents the owner from achieving a patent by exposing the novel idea and prevents the owner from the opportunity to exploit the innovation.
- Breach of confidence: A breach of confidence is a double whammy for businesses. Not only can a breach of confidence lead to legal proceedings for damages stemming from a breach of contract, it can also destroy a commercial position. There is also the possibility of regulatory enforcement under FSA regulations, the Companies Act and privacy law. Regulators in the breach of confidence/privacy scene are certainly not toothless tigers and can impose hefty pecuniary penalties. For example, the UK Information Commissioner can impose fines of up to £500,000 on organisations for serious breaches of the Data Protection Act 1998.
Businesses that store confidential commercial data on behalf of clients or hold third party IP should ensure that strong protections from hacking are in place. This includes pre-emptive practices such as staff training and awareness about the danger of cyber attacks. Staff awareness not only protects client data, but also the company’s data.
Another pre-emptive measure is auditing. Businesses should have regular auditing processes in place to verify and review their security management systems.
If your client has its confidential data stored by a third party, contractual rights such as auditing and governance included in the storage agreement can provide your client with the ability to monitor security measures.
In light of the potential fallout, it is crucial that businesses that hold confidential IP address the risks and their legal responsibilities in relation to sensitive IP and data.
As lawyers, we need to be alive to the risks of cyber crime and ensure that our clients are given the best advice to put protections in place.
Sometimes, a right to sue in contract will not help a company that has lost all goodwill from a theft of its clients’ commercial IP – pre-emptive solutions need to be in place to counteract the danger of cyber attack.