We had a packed house for our Cyber Time: Crash Course for Directors and Officers event this week at the Bennett Jones Calgary office. The half-day session covered current cyber threats facing businesses today, litigation exposure from a cyber incident involving personal information or confidential business information, regulatory compliance obligations regarding the protection of personal information, and insurance solutions to mitigate certain risks associated with cyberattacks. Our panel of experts included Ruth Promislow and Michael Whitt of Bennett Jones, Jay Heidecker of Seekinto and Dan Lewis of Arthur J. Gallagher Canada Limited.
The consistent theme in all of the presentations involved the need to be proactive, rather than simply reactive. Being proactive makes good business sense in that it can reduce costs incurred in responding to an attack. It also can reduce litigation risk exposure from an attack or the response to the breach. Additionally, regulatory obligations require a proactive approach. Cyber insurance can be a key component to reducing risk exposure. However, it does not cover all forms of risk and it does not replace the need (and obligation) to address risk and vulnerabilities before an attack.
The key questions identified for directors and officers to ask included the following:
Asking these critical questions with the help of legal and technical experts is essential to managing risk for your corporation and you individually. For further information on how to manage your exposure from cybersecurity threats, the Bennett Jones Data Protection and Privacy group can assist.