1
The GC on the Front Line: Corporate Counsel’s Role in Surviving a Company Crisis
GLL Global GC Congress
Neil Kirton and Zoë Newman
September 2018
2
Agenda
Introductions
Crisis response
Managing an effective investigation
Managing outcomes
Conclusions
3
1 Introductions
4
Introductions
Neil Kirton, Managing Director, Business Intelligence and Investigations
Zoë Newman, Managing Director, Business Intelligence and Investigations
5
Overview
Managing a crisis
Crises come in all shapes and sizes
GCs are often at the centre of a response
Companies face high incidences of Fraud, Cyber and Security threats
[Chart: % of respondents encountering an issue in the past year; 2017/18 Kroll Global Fraud & Risk Report]
6
2 Crisis response
7
Crisis response
A crisis unfolds – case study
8
Crisis response
What happened next
CEO contacts Head of IT to investigate and they determine that there is likely a security incident as the attached documents were genuine
Contacts GC to initiate crisis response
GC forms crisis committee; contacts insurers and external advisors
  Legal
  PR
  Incident response investigators
  Negotiators
9
Crisis response
Immediate agenda for the GC
Building crisis management team – internal and external members
Business continuity
  Use of / compromised systems
  Recovery of data / availability of backups
Bug sweep
  Technical Surveillance Counter Measures
Internal and external communications
  Insider lists / price sensitive information
  Internal stakeholders
  Partners and customers
  Individuals / Employees
Resourcing the incident response – internal vs. external resources
  Follow-the-sun resourcing?
10
Crisis response
Initial questions to consider
Do you have an incident response plan?
Which internal stakeholders are involved – who really needs to know?
  IT/CISO/CIO
  Data Protection Officer / GC
  C-suite / shareholders
  HR / Finance / Operations
Which external advisors should be notified
  External Counsel
  PR
  Investigators
Do you have insurance?
At what point do you involve: law enforcement, regulators, other stakeholders (employees, customers, data subjects)?
Budgeting - who pays?
Who needs support / managing?
Who could cause problems?
What is the role of the GC?
11
3 Managing an effective investigation
12
Managing an effective investigation
Conducting the investigation – case study
Internal investigation
  Rule out internal collusion - review of user activities, permissions and communications
  Identify digital vulnerabilities/compromise
  Implement cyber resilience strategy
External investigation of potential suspect
  Client identified possible suspect. Subsequent investigation found no evidence to forensically link the suspect to the attack
Taking offensive actions
  Investigation into attacker’s IT infrastructure and recovery of data
  Cluttering and takedown exercise and monitoring of attacker’s online activities
Data review
  To better understand the extent of the issue and inform notification strategy
External communications and regulatory action
13
Managing an effective investigation
Conducting the investigation – issues for the GC
Managing/supporting crisis management team
Business continuity
Insider wrongdoing?
  Necessary/appropriate actions with HR
Remediation steps
Engagement with authorities/law enforcement
Internal and external communications
  When and who to notify
Data review
  Speed, accuracy, costs
  Challenges (multiple pages docs, foreign languages, data types, unusual formats)
  Legal commercially sensitive information / legal challenges
  Personal information
14
Managing an effective investigation
Conducting the investigation – questions to consider
Who is responsible for the incident?
Has the issue been resolved / contained?
Can you recover losses?
How far do you go?
15
4 Managing outcomes
16
Managing outcomes
External communications and regulatory action – case study
[Diagram labels: GC; Employees; Press; Contracted parties; Subscribers; Suppliers; Customers]
17
Managing outcomes
Managing the tail – issues for the GC
Litigation
Police action
Witness statements
Trial and prosecution
Notification process
Systems and remediation exercises
Policies and procedures
Training
Billing discussions with insurers
18
Managing outcomes
Managing the tail – questions to consider
Lessons learned?
Are we safe going forward?
Do we need to allocate more budget?
Are we happy with our external crisis team and/or insurance cover?