iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
When Annie Haggar was first asked to help set up Accenture’s security division, she was a bit lost. Even though she had worked with technology and law most of her career, Haggar was totally new to the field of cyber security and law. But with that learning curve now behind her, she’s seen the need for every in-house legal team to be completely across all things cyber.
This has now led Haggar to set up Cyber GC, a firm dedicated to teaching in-house legal teams the importance of cyber security compliance and law, and teaching executives why the legal team is a vital part of any cyber incident response.
“I know what it’s like to think, ‘Gosh, I know nothing about this space’,” Haggar told Cyber Security Connect. “But I suddenly needed to and as an in-house counsel for over a decade, I also have that unique perspective about what the business needs to know from the inside, and what legal counsel for a business needs to know in order to help get the organisation security ready.”
Cyber GC (for General Counsel) offers a range of services, from helping companies and their legal teams establish their cyber-readiness level to triaging the most important activities and resources that a company should focus on. And in the wake of 2022’s disastrous data breaches in Australia, knowing the legal ramifications around cyber security incidents is more important than ever, Haggar believes.
“If you’re the average in-house lawyer around Australia — and even private practitioners in the legal space as well — and suddenly, every single person, and every business that you work with, has to know about cyber security and has to be taking action,” Haggar told us, “you’re sitting there thinking, I’m a property lawyer, or I’m an employment lawyer and I’m an expert in those things, because that’s what my business needs me to be an expert in.
“But suddenly, I’m also supposed to know all about this cyber security stuff. And it’s almost paralysing for legal counsel, they don’t know where to start.
“So where I’m offering my services is to come in and say, ‘Hey, I speak business. I speak inside counsel and corporate counsel, I know there are pressures that you guys are under. I understand the pressure that you’re under to keep the lights on in your business,” Haggar said.
Too often, in Haggar’s experience, part of the problem is that a company’s security and legal teams speak very different languages, and what might be a priority for one, may not seem so important to the other — which is exactly where she can step in to help both teams manage their priorities.
“I can also say things like, well, from a legal response, if you have a cyber breach, have you thought about your incident response plan from a legal perspective? Because the IT guys will say, ‘Yeah, we’ve got an incident response plan’. And you go, ‘Okay, what’s your out-of-bounds communications method and is it going to be protected by legal privilege to help us when we get sued in the future?’
“The tech guys will look at you and go, ‘Oh, I have no idea’. So that’s where there is such a huge amount of legal considerations in that incident response planning that I think gets forgotten by the security tech side.
“There’s really a role for in-house counsel, corporate counsel, to play at the table when you’re doing incident response planning, or when you’re doing the wargaming, and the training, and the preparation — which every business should be doing — and legal should be at that table.
“I think in-house counsel has been reluctant to insist on playing that role, partly because they don’t feel like they have the technical expertise. But also maybe the business hasn’t seen them as being so critical. But the number one person you should call when you have a breach in your business is your legal counsel.
“So, if they’re not at the top of your phone tree, and if they don’t know how to respond, you’re not going to come out of a breach as well as you could.”
Cyber GC opened its doors in January 2023, and you can learn more about the business and what it can offer at www.cybergc.au.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
