Blog

Global Patterns and Risks in Cybersecurity

Ruth E. Promislow
September 27, 2018
Social Media
Download
Download
Read Mode
Subscribe
Summarize

What are the emerging patterns and risks for cybersecurity in Canada, the United States, European Union and Australia? A global panel shared their views and predictions at last week’s 64th Pacific Rim Advisory Council (PRAC) conference in Calgary.

Here are their key insights:

Patterns

  • Businesses need to take steps to understand their supplier’s cybersecurity hygiene—and include contractual terms in their agreements that require the provider to abide by a particular standard, permit the business to audit compliance with that standard, and require notification by the third party of a breach of safeguards. Other contractual terms should also identify which party will bear the costs associated with a cyber attack.
  • Cloud service contracts—which are generally offered on a take-it-or-leave-it basis—typically carve out liability for the cloud provider in connection with a cyber attack. As a result, businesses need to make sure they have other protections in place in connection with a potential attack against the cloud provider, as well as provisions in the cloud contract that permit monitoring of the cloud provider’s performance to the stated security standards.

Risks

  • Managing risk at an organization needs to be driven by business in collaboration with IT. Including IT staff in negotiation of contracts can be important in the context of, for example, cloud service provider agreements.
  • The human element remains the greatest weakness in cybersecurity. Everyone at a business needs to be trained on how serious the threat is and what to look for in their everyday communication. Leaders must align the entire organization to work together.

Looking Ahead

  • Regulatory: The EU’s General Data Protection Regulation (GDPR) came into force in May 2018, and has extraterritorial effect. Other jurisdictions around the world are following step with implementing more aggressive statutory regimes to compel compliance with protection of personal data.
  • Honeypots: This is an increasingly popular detection tool in cybersecurity defence. Honeypots are decoys on a company’s system that are intended to attract hackers. Their security is weaker and when a hacker enters a honeypot, the company can learn about the tactics of the attack—then use this information to deflect future ones.

Bennett Jones hosted the PRAC conference in Calgary, the first time the event was held in Alberta. I moderated the panel on Risky Business: Managing Cybersecurity as a Threat and Practice and panel members were:

  • Robert Beggs, CEO, DigitalDefence, Waterloo
  • Bruce Johnson, Partner, Davis Wright Tremaine, Seattle/Los Angeles
  • Ross Perrett, Partner, Clayton Utz, Brisbane
  • Jaap Stoop, Partner, NautaDutilh, Amsterdam  
Social Media
Download
Download
Subscribe
Republishing Requests

For permission to republish this or any other publication, contact Amrita Kochhar at kochhara@bennettjones.com.

For informational purposes only

This publication provides an overview of legal trends and updates for informational purposes only. For personalized legal advice, please contact the authors.

From the Same Authors

See All
Right to Have Your Information De-Listed
Blog

Right to Have Your Information De-Listed? The Federal Privacy Commissioner Issues Decision

August 28, 2025
Ruth E. PromislowCaroline PoirierSuzie Suliman
Ruth E. Promislow, Caroline Poirier & Suzie Suliman
23andMes Data Breach
Blog

23andMe's Data Breach: Key Takeaways

June 26, 2025
Stephen D. BurnsRuth E. PromislowJ. Sébastien A. Gittens
& 7 more