Heads of legal and compliance

Before

Understanding the particular compliance aspects that relate to data and your organisation and industry will help inform which products and services to purchase. Understanding how the products and services work will allow you to decide if they fit with those requirements e.g. where are servers hosted? How is data stored? In our experience, lawyers can add a huge deal to the selection of the right cybersecurity product or service as long as they are brought in early in the process.

The roles of compliance and legal will also help to inform your scenario plans. A dry run of a cybersecurity incident will throw up the kinds of challenges and tensions you are likely to encounter when the issue arises in real life. There will always be a healthy, natural tension between compliance and communications but it is best to know where this lies ahead of an incident.n

During

If a cyber incident affects your organisation, then you’ll need to be at the heart of decisions that are made which will have regulatory and other implications.

You’re best positioned to know what has to be reported and when and to whom. You’ll also be able to counsel on the courses of action available. The work done in this stage is often the bedrock of your recovery from the incident.

Regulators wants to know that you did the best you could given the circumstances – so making the right moves at this stage is essential.

After

Cyber incidents have a long tail and stakeholders have long memories. Some organisations have adopted a ‘lessons learned’ approach to their own data breaches and used it to lead their markets.

What will your recovery plan be? Compliance will take you only so far – how will you thrive post-incident?

How will the legal team and compliance work to drive the organisation forward?