Newsletter
By Nathalie Cazeau, member of the Paris Bar
As 2024 draws to a close, the firm would like to express its gratitude for the trust placed in us throughout the year.
Thanks to you, we’ve had an exciting year in 2024, rich in human and professional resources.
We’ve worked with you as a team on a number of exciting projects in a wide variety of fields.
We’re now looking ahead to 2025, and looking forward to continuing this wonderful adventure alongside you!
As the New Year approaches, we’re pleased to present the latest article in our newsletter, dedicated to a topical issue: helping businesses protect themselves against cyber attacks.
We hope you enjoy reading this issue, and wish you all the best for the festive season!
Lawyers help companies protect themselves against cyber attacks
The growing use of information and communication technologies within companies has revolutionized working methods. This digital transformation, while beneficial in some respects, is also accompanied by increased risks to the security of IT systems, known as cyber-attacks. Faced with this new threat, companies need to be vigilant and implement reinforced protection measures.
Protecting against the risks of cybercrime is a major challenge for businesses today. Indeed, the financial damage caused by cybercrime-related incidents can surpass that caused by natural disasters. It is therefore crucial for companies to invest in robust security systems and preventive strategies to guard against these new kinds of threats.
With this in mind, companies are deploying new solutions such as malware protection (“malware” being a contraction of “malicious software”) to secure their IT infrastructures. This approach is also reflected in contractual relations between companies.
To protect internal data exchanged between companies, a new trend is emerging in the field of contract law: the implementation of cybersecurity policies. This approach aims to secure the exchange of sensitive data and strengthen resilience in the face of digital threats. By incorporating cybersecurity clauses into contracts, companies reinforce their protective posture and demonstrate their commitment to data confidentiality and security.
The aim of a cybersecurity policy is to provide companies with the means to protect their data. As with the rules governing personal data, the legislative framework for cybersecurity is not yet very restrictive. As a result, companies have some leeway to develop provisions tailored to their specific needs and in line with their level of risk and activities.
However, the law is taking an increasing interest in cybercrime, with the drafting of a cybersecurity code and the inclusion of the risks of cyberattacks in the insurance code in 2023.
Business demand for cybersecurity is booming, requiring rapid adaptation of contractual provisions.
In the relationship between a client and a supplier, the supplier may be confronted with a multiplication of cybersecurity policies imposed on it.
The problem with the multiplication of cybersecurity policies is that it leads to scattered and sometimes highly restrictive requirements from several principals. Suppliers find themselves at a loss when faced with this avalanche of demands.
However, it is essential for these suppliers to develop such policies to ensure the protection of their customers’ data.
To avoid a proliferation of cybersecurity policies, suppliers can set up a company-specific cybersecurity policy applicable to all contracts submitted.
Implementing such a policy is no easy task. It requires in-depth negotiation and the support of a specialist lawyer.
The aim is to put in place a policy applicable to all, offering an adequate level of protection while imposing proportionate obligations on the supplier.
This cybersecurity policy must also be sufficiently precise to enable customers to understand the extent of the protection offered by the supplier.
Typically, companies can set up password complexity policies that impose rules on password length or character requirements.
One of the main defenses against cyber-attacks is to minimize human error. One of the biggest risks is phishing. Phishing is the practice of obtaining confidential information about a natural or legal person by means of fraudulent techniques.
That’s why companies need to set up training programs to raise staff awareness of good cybersecurity practices, to prevent human error.
In addition, there are insurance policies enabling companies to obtain compensation in the event of cyber-attacks. However, most of these policies require companies to have sufficient tools in place to protect themselves against the risk of cyber-attacks.
Protecting their activities against cybercrime enables companies to maintain a first-rate e-reputation, guaranteeing their customers’ trust and a privileged competitive position!