‘Be proactive and reactive when it comes to cybersecurity’

20 Apr 2023

Rachel Hayes. Image: Connor McKenna/SiliconRepublic.com

Rachel Hayes of William Fry shares her insights on how businesses can safeguard their operations against legal troubles from cyberattacks.

Unfortunately for companies, many of them are sitting ducks for cyberattacks. Clever criminals know that busy businesses are no match for their nefarious hacking skills and they take full advantage, often to devastating effect.

News stories like the recent ransomware attack on Derry-based tech company Evide are proof that cyberattacks aren’t going away any time soon. Companies need to be aware of what can happen when they fall victim to an attack.

To get an insight into what businesses should know about the extent to which they are liable if they are targeted by hackers, SiliconRepublic.com sat down with Rachel Hayes, senior associate at William Fry.

Cyberattacks can give rise to legal action being taken against a company and Hayes said that in some cases companies and their officers can be held criminally liable.

There’s also the “reputational damage” aspect, as Hayes put it. She explained that in Ireland, companies can be investigated by the Data Protection Commission, and under EU law they can be fined up to €20m or 4pc global turnover for breaches of GDPR.

So, what steps can companies take to avoid these consequences? For starters, they must be “proactive and reactive when it comes to cybersecurity.”

“Make it a standing agenda item for your boards and stakeholders because cyber incidents are here to stay.”

Hayes added that all companies – not just Big Tech companies ­– need to look at their cybersecurity measures because “they have to be up to date and be tested”.

“In terms of the specific things a company should do, I’d recommend that they conduct security impact assessments, evaluate cyber response plans, assess data protection policies and procedures and embed cybersecurity and data protection into all business units through specific training and awareness campaigns.”

Overall, companies – and particularly SMEs – need to be on top of cybersecurity affairs to protect their reputations, clients and employees, she said.

Concerningly, a recent survey by IT service provider Typetec and Censuswide found that nearly 80pc of businesses surveyed had experienced cyberattacks. However, the survey also found that many Irish SMEs said they planned on slashing their cybersecurity budgets by 50pc in 2023.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Blathnaid O’Dea was a Careers reporter at Silicon Republic until 2024.