Cybersecurity

In recent years, the risk of companies falling victim to cyberattacks has increased dramatically. Should attackers succeed in penetrating internal systems, companies regularly find themselves exposed to considerable ransom demands, fines and/or significant loss of reputation. We support you in preventively identifying and remediating IT and data protection vulnerabilities in your infrastructure. If you become a victim of a cyber attack, we will help you with Incident and Emergency Response with our network of technical IT security consultants. We will handle communication with investigative and regulatory authorities on your behalf and support you in preparing and executing internal and external communications regarding the incident.

Modern security standards require a variety of effective, synergistic measures to protect the IT infrastructure. An information security management system helps you to establish procedures and rules within your organization to permanently guarantee and continuously improve the security of the information you process. In order to organize and permanently guarantee compliance with the special requirements of processing personal data, a data protection management system should also be introduced and maintained.

We will be happy to advise you on introducing data protection and information security management systems and ensuring that they mesh. If you wish, we can also support you with certification.

In the aftermath of an IT security incident, claims may also be made against corporate bodies, such as acting board members or managing directors. If previous protective mechanisms have not been effective, cyber insurance should be taken out as a last resort to provide effective cover for the responsible parties. The conclusion of such an insurance seems advisable especially because the damages incurred are usually not covered by the D&O insurance. Overall, the range of benefits of all insurance policies with regard to damage caused by IT security incidents should definitely be adapted to the respective company situation and the individual liability risk. Here, the legal expertise of our lawyers helps to identify which benefits should really be available.

The importance of data protection and data protection compliance is constantly increasing, and not only against the background of more and more reports of proceedings for fines and damages. For this reason, it is essential to ensure that the processing of personal data complies with data protection regulations. In practice, these requirements constantly present data controllers with new, complex tasks, the mastering of which can be associated with an immense expenditure of time and money.

Our cross-location team of market-renowned and award-winning experts supports you in answering individual questions as well as in designing extensive processes in compliance with data protection regulations and minimizing the associated risks.

In the event of a cyber attack, the most important step is to act quickly. Every hour that business processes are interrupted causes further damage to affected companies. Therefore, necessary immediate measures should be initiated immediately and a crisis team should be formed to coordinate further action. We will help you implement a comprehensive emergency response plan and support you in developing a tailor-made concept to prepare you for an emergency.

In addition to general IT security requirements, operators of critical infrastructures must also comply with the provisions of the BSI Act. As a result, operators of critical infrastructures must take particular care to ensure that the critical infrastructures they operate are and remain functional. After all, the failure or disruption of a critical infrastructure has significant consequences for a large number of people.

The increased requirements for operators of critical infrastructures apply both with regard to the elements, components and parts used and with regard to the software used. 

Every company is faced with the question of whether and to what extent it uses the support of external service providers to manage its IT infrastructure. The use of such managed services, which, in contrast to other types of IT outsourcing, involve regularly recurring services, can be worthwhile for companies since their own resources are saved. However, in the interest of both parties, the scope of the service to be provided should be clearly defined in advance and contractually agreed. Transparency about the acquired range of services is created by concluding a service level agreement, which contractually stipulates the services to be provided by the external company. The negotiation of this contract requires a high level of consulting and negotiation competence in order to optimally assert your interests. We are happy to support you in this.

Cybersecurity is a C-level matter. Therefore, the appropriate consideration of IT security law requirements and compliance with data protection regulations is essential for companies, regardless of their size. Companies that fail to comply with these obligations and, under certain circumstances, also their executive bodies, face the threat of claims from contractual partners or liability to the company. Serious violations of such obligations can also result in severe fines.

With the help of our holistic consulting approach, you can assess and minimize your liability and litigation risks. Our lawyers specializing in IT security, corporate, insurance and compliance law will be happy to support you in implementing and enforcing appropriate measures, taking out D&O insurance and, if necessary, defending yourself in court against asserted claims. 

Increasingly, cyberattacks are also occurring indirectly via external service providers. As with any cyberattack, there is also an enormous liability risk for the affected companies in the event of an indirect attack, i.e. in the form of an attack on another company within the supply chain. Especially against the background of ever new national and European legal requirements, companies face a wide range of legal issues when using and distributing digital products and digital content. We advise you on the implementation of a strategy that interlinks different, synergetic measures to secure the supply chain.        

The central concept of IT security law is that of "state of the art". Not only in the area of critical infrastructures, but also for telemedia providers, the use of IT systems at credit institutions, the introduction of technical and organizational measures in the area of data protection, policies of cyber insurance and much more, the interpretation of this term is of central importance and at the same time highly complex in legal terms.

The distinction from "generally accepted rules of technology" or the "state of the art in science and technology" is also a legal requirement that should not be overlooked.  Not least due to the technical expertise of our lawyers specializing in IT security law, we will be happy to advise you on the state of the art in all areas relevant to you.