Review: BioRiver working group IT security
The third meeting of the IT working group on August 25 dealt with the topic “Cyber risks for companies – practical cases, manager liability and safeguards”. The online event focused on aspects of contract and insurance law.
Cyber risks
After a brief welcome by the BioRiver Managing Director and a short round of introductions among the roughly 15 participants, moderated by Josephine Müller-Gorski (Miltenyi Biotec), the first lecture dealt with cyber risks, liability issues and protection options. Dr. Schaloske, Ms. Zürn and Dr. Malek, lawyers at the international law firm Clyde & Co, gave an overview of possible cyber risks, from ransomware to data leaks and espionage. These challenges affect all industries. Life science and biotech companies, and SMEs in particular, are also frequent targets of hacker attacks.
Possible legal and economic implications after a cyber attack range from official reporting requirements (GDPR) and liability towards business partners or consumers to fines in the millions for violations of compliance obligations and possible liability of managing directors and board members if the crisis response is mishandled. Cyber insurance can help companies get the risks under control and reduce the consequential damage of a cyber attack: policies cover the company's own losses and damage to third parties, and typically also include a range of services from specialists such as IT forensics experts, legal advisors and experts for business interruption losses.
The prerequisites for insurance cover include, among other things, appropriate technical protective measures. Especially for SMEs that lack (sufficient) in-house IT capacity, it is important to prepare for an emergency. Cyber insurance companies regularly provide a network of service providers.
Risk management
One of these service providers is Kroll, a provider of risk solutions that also works for companies in close coordination with their insurance companies. Kroll offers a variety of services including due diligence, compliance, physical and operational security, and data and information management to help clients make informed cybersecurity risk management decisions. Henk Gomis, Vice President Cyber Risk at Kroll, described the service portfolio from security audits and risk assessments to penetration testing, forensic analysis and data recovery to process consulting. Using a few practical cases, he outlined the far-reaching scope of today’s cyber risks and made it clear what serious consequences security incidents can have.
Only one thing is certain: whether and to what extent companies should take out cyber insurance cannot be answered in general terms. However, there is no question that IT security is a business-critical factor. As part of risk management, dealing with this topic is a MUST for all companies and all managing directors. Or, as Dr. Hangen put it in her concluding thanks to the speakers: the lectures had shown the abyss from which one must protect oneself with an appropriate action plan.