Cyber Risk

Print this page

OVERVIEW

Cyber crime is one of the world’s fastest growing crimes. It is frequently cited as one of the most significant risks facing businesses worldwide. The increase in cyber risks has resulted in many of the world’s largest enterprises falling victim to network outages, data breaches and malicious attacks. These factors, combined with evolving data protection laws, increasing awareness of reputational damage, and exposure to business interruption claims, have led industry leaders to seek solutions.
 
The McCague Borlack LLP Cyber Risk Practice Group is a key element to the strategy our clients use to protect themselves and their businesses from all forms of cyber risk. These clients are in every discipline and include individuals, professionals, partnerships, small to mid-sized businesses, major corporations and their directors and officers, representatives from the insurance and financial services industries, and select clientele in the retail and hospitality industry, media and entertainment, education, the public sector and the health care sector.
 
In today’s environment, cyber risks pose a very real threat to our way of life. While we can assist our clients in minimizing exposure to cyber risks, security breaches are inevitable. However, robust breach response policies and contingency plans, as well as a thorough understanding of applicable laws and best practices, will help ensure that risks are mitigated with minimal business interruption. McCague Borlack LLP welcomes the opportunity to assist our clients in handling their cyber risks from initial threat through to final resolution.

SERVICES

The cyber risk related services our Team provides includes the following:

  • Advice on data and asset storage, management, security and protection;
  • Risk Management advice on data sharing, retention and input management;
  • Access to a broad range of third party experts including IT security, penetration and vulnerability consultants, data de-identification and “anonymization” experts, and other specialists who provide a broad range of cyber risk solutions;
  • Regulatory interpretation, analysis and compliance;
  • Employment Law advice on employee data collection protection policies, social media policies, and recruitment procedures;
  • Reputation management advice including cyber libel and slander;
  • Business interruption loss assessments, calculations and advice;
  • Managing public relations including Strategic Messaging and Response Training (S.M.A.R.T.);
  • Development of strategies for data breach reporting, customer notification and advice on mitigation of damages strategy;
  • Post breach coaching;
  • Providing a broad range of Privacy Law services including advice and assistance on compliance with privacy and access laws, ensuring that the collection, use and disclosure of confidential information complies with privacy legislation;
  • Advising on clients’ rights,  obligations and recourse for security breaches;
  • Responding to “access to information” requests;
  • Assistance with breach notification to affected individuals, together with development of best practices for containment and business interruption mitigation;
  • Developing risk management and breach response policies, privacy impact assessments, and contingency plans;
  • Advising on subrogation and other recovery strategies against third parties who failed to provide appropriate security/protection;
  • Providing guidance to directors, officers and/or company management regarding proper overseeing of cyber security, identity and quantification of cyber incidents, and related disclosure obligations;
  • Providing guidance to clients with respect to third party service agreements to ensure that said agreements have appropriate technical, physical and administrative safeguards in place to ensure adequate protection of data; and
  • Comprehensive coverage services including drafting and opining on the interpretation of policy wordings, exclusions and endorsements.

CHAIR(S)

MEMBER(S)

Next arrow
Prev arrow

PUBLICATIONS

View All
Default Causation And Standard Of Proof For A Hypothetical Pre-Trial Loss

First Published in Advocates Quarterly. This paper addresses whether the same principles regarding the “real and substantial possibility” standard of proof apply to a hypothetical past loss claim as they do to a hypothetical future loss claim, and the interplay between the two standards of proof applicable to hypothetical claims: balance of probabilities for the “but for” causation test, and “real and substantial possibility” for damages.

Yopu got hacked thumb original You got hacked: Limits on liability - A Case Study of Owsianik v. Equifax Canada Co, and Instrusion of Seclusion

In Owsianik v. Equifax Canada Co (Equifax), 2021 ONSC 4112, the Divisional Court was required to determine the scope of the court to intervene when Equifax's client stored data was hacked by an unknown third party. Specifically, the Court needed to determine whether the Court created tort known as intrusion upon seclusion would include the failure to protect people's private data against a third-party intrusion.

A pleading original A Plea for Simple Pleadings

You have just been sued for breach of contract by a former business partner.

As you skim through a legal document that sets out a laundry list of your alleged failures and faux pas, a few paragraphs jump out at you. Why does the document make reference to an argument over the design of your company's logo? And why is there commentary on the not-so-secret office romance between two of your employees? As far as you can tell, neither of these issues have anything to do with the contract in dispute.