The attention being paid to cybersecurity by both government and businesses in the U.S. has reached unprecedented heights, according to a new cybersecurity outlook report from Gibson, Dunn & Crutcher. And that attention is going to keep growing through 2013, partner Alexander Southwell said.
"What we’re going to see is an increase in the prevalence and the sophistication of attacks on core infrastructure companies, along with a broadening of those attacks against all types of companies," said Southwell, co-chairman of the firm’s information technology and data privacy practice.
As the attacks grow more sophisticated, he said, there will be "a constant cat-and-mouse game where companies and the government try to prevent such attacks, or at least better prepare for them."
The Gibson report released Wednesday cited an increased focus by the Obama administration on data privacy and security "as the world continues on its path of unprecedented technological transition."
The report discusses the significant legal cases and events of the past year, such as President Obama’s recent executive order to increase the sharing of critical cybersecurity information and his call for legislative action to protect networks and data.
But looking ahead, Southwell predicted three cybersecurity areas will dominate the concerns of general counsel in 2013.
The first is the use of mobile devices and the risk connected to them. "Mobile is increasingly the way that companies are engaging with their customers and the public, and also how many employees are communicating with one another and accessing network resources," Southwell noted. "And there are much more significant security risks that come from that."
He explained that many employees like to use their own mobile devices, and from a cost perspective companies like that, too.
"But with that comes a tension with the [company's] need to protect one’s network. We’ll see that continue to play out, and companies will address it in different ways depending on the amount of risk and their financial ability," predicted Southwell, who is also a former assistant U.S. attorney in Manhattan.
Southwell said mobile Internet users are predicted to surpass desktop users globally in late 2013 or early 2014, and that could increase the corporate risk where employees use their own devices.
The second area of concern for GCs, he said, is the risk that comes with cloud computing to store both customer and employee data.
"Companies will grapple with the legal risks that come up in that context," he said, "as well as with how to deal with the litigation ramifications" if security is breached in the systems that store this data remotely.
The third big cybersecurity matter that Southwell is watching this year is legislation. There have been pushes before, and a variety of bills have languished in years past, he noted.
"But this year the Obama administration is trying to jump-start the process, and now companies are engaging with the administration on more cybersecurity rules," the lawyer said. They are most likely to deal with privacy issues and the sharing of information after breaches of data security.
"We’ll likely see some legislation this year, dictated by politics and by world events," he predicted. "It will have the potential for significant impact on most of the Fortune 500 companies, but especially those involved in critical infrastructure such as energy or telecommunications."
Southwell also sees U.S. companies engaging more with foreign governments over the reach of their cyber-rules and laws. These range from the consent website operators need to use "cookies" to restrictions on cloud computing and requirements for data protection.
"Companies do not operate neatly within national boundaries," he said, and they are increasingly clashing with foreign legal regimes over how to handle government data requests and storage of data.
The best thing GCs can do, Southwell advised, is help their companies decide how to store and sort through information, and consider how they interact with that data.
Southwell added, "A lot can be done to get your house in order that will help prepare for whatever comes this year."
What we’re going to see is an increase in the … attacks on core infrastructure companies, along with a broadening of those attacks against all types of companies.
Gibson, Dunn & Crutcher
We’ll likely see some [cybersecurity] legislation this year, dictated by politics and by world events.
Gibson, Dunn & Crutcher