The changing role of lawyers in a cyber-attack
In an increasingly data-driven world, cyber-attacks are more prolific and damaging than ever before, says Matt Dowson.
In June, file transfer app MOVEit was breached, causing sensitive data from a number of high-profile organisations, including the BBC and Ofcom, to fall into the hands of hackers. In fact, according to the 2022 Cyber Security Breach Survey, more than a third (39 per cent) of UK firms suffered a cyber-attack last year.
A data breach occurs when sensitive or confidential information is accessed, disclosed, or stolen by unauthorised individuals. After a data breach happens, it is a huge challenge for all departments across the business, including the legal team, who now play a key role in helping organisations navigate the legal consequences of a data breach.
Legal teams have now become a crucial part of an organisation’s cyber strategy across every step of the journey, governing everything from incident response plans and regulatory challenges to stakeholder management.
For any organisation, the threat of a cyber-attack is not a case of if, but when, so preparation is key. A crucial part of this preparation is developing and testing incident response (IR) plans.
IR is the subset of cybersecurity that covers the strategies, technical tasks, processes and workstreams involved in detecting, preventing, stopping and remediating cybersecurity incidents. In today's interconnected digital world, IR planning is critical.
Lawyers can help develop a customised IR plan with a detailed understanding of how cybersecurity and cyber law affect an organisation, to provide a coordinated, organised, and effective response.
As part of the plan, legal teams should structure their approach across several practices when assessing the legal implications of a potential breach, including violations of data protection laws, privacy regulations and contractual obligations. They should also help the organisation understand its legal obligations and potential liabilities, including the implications on any contracts in place with third-party vendors, clients, or partners.
Furthermore, solicitors are there to ensure that the organisation complies with relevant regulations, such as GDPR for those operating within the European Economic Area (EEA) and the UK, and to guide it through any necessary reporting or notification requirements.
During an incident
Legal support during a data breach involves several key responsibilities. In complex data breaches, solicitors should ensure they’re working effectively alongside cybersecurity experts, forensics teams and other specialists to determine the scope of the breach, assess the potential damage and identify the vulnerabilities that caused the breach. This could be anything from a personally identifiable information leak, to a threat actor on the network watching a business’s unique manufacturing process via a hacked CCTV infrastructure.
Depending on the severity of the breach and the applicable laws, the organisation may then need to notify affected individuals, regulatory authorities (such as the Information Commissioner’s Office) and other stakeholders. The solicitor should guide the organisation through this notification process, ensuring that it is done in compliance with legal requirements.
Following this, the solicitor should support with a wider communication strategy that provides accurate and timely information to those affected, while managing potential legal risks.
After responding to a cyber-attack, the duties of a lawyer continue. In some cases, a data breach could result in legal actions or claims from affected parties, and therefore the solicitor will need to represent the organisation's interests in negotiations, settlements, or potential litigation. During this time, and throughout the cyber-attack process, solicitors will need to document all actions, communications and decisions carried out during the breach response.
Solicitors should also play a key role in rebuilding cyber resilience after an attack, working closely with the organisation to reassess and rework the incident response plan to mitigate any further impact and prevent future breaches.
A solicitor's role during a cyber-attack is to provide legal expertise, guidance and strategic advice to help the organisation manage the legal and regulatory challenges that arise from a breach, and to minimise its potential negative consequences.
It is a long and complex process, and with the chances of an attack remaining high, it is clear that lawyers must be a central part of every organisation's cyber strategy so that the organisation is in the best possible position when it falls victim to an attack.
Matt Dowson is a cyber security specialist at iomart.