In-house corporate and financial sector legal departments should place themselves at the centre of their businesses’ cyber security strategies, a leading global technology general counsel has said this week.
Pavel Klimov – the general counsel (Emea) for US-based technology giant Unisys, which turns over $3.7 billion annually – told The Lawyer in an exclusive interview that “legal is one of the key departments for a business in setting up a risk and compliance strategy”.
He continued by calling on in-house lawyers to shed any historic timidity they may have in forcing issues onto boardroom agendas.
Talking tough to senior executives to provide the unvarnished truth about cyber dangers is key. “That involves looking at the vulnerabilities and how they can be addressed,” said Klimov, “and the reactive measures that need to take place in the unfortunate event of a breach.”
The London-based Russian native has slashed external legal spend by 30 per cent since taking over Unisys’s top Emea legal role six years ago. Originally on the technology side of the business before qualifying first as a Russian lawyer and then transferring to the English solicitors’ profession, Klimov has a unique insight into cyber security.
“Before, it was thought that as long as you took some reasonable peripheral protective measure to avoid your network or database being penetrated, then it would be ok,” said Klimov. “But now the view is that peripheral protection is not necessarily going to work all the time – and it will often be vulnerable.
“Now the issue is not only thinking about how to protect your entry points, but also that the critical business data for your business or your client’s business is treated in such a way that even if your peripheral perimeter fails or is breached, the hackers will not be able to cause damage. It is all about layers.”
Klimov also warns that cyber hackers could view leading law firms as a soft underbelly route into their clients’ systems and data.
“They might be the vulnerable entry point,” he warns. “For firms to be on top of the game, they need to have not only the expertise in advising clients, but they also need to have their systems set in such a way that their client data is safe and cannot be compromised.
“It is certainly something that I should very much be interested in understanding in relation to the firms we instruct. We would expect the same level of cyber security at our law firms as we have ourselves. There is no point in investing in all those internal measures if you then create a weakness through your law firm. That is not something this business would want to have happen.”