Cyber risk prevention
Cyber risk prevention has become one of the pillars of companies and an essential axis for protecting their intangible assets. French and European related regulations are becoming more and more abundant (NIS 2, DORA, LPM, cyber section of the GDPR, Cyber Security Act, Cyber Resilience Act, IA Act, etc.). Our lawyers support you in identifying the standards to which your organization is subject and in establishing and implementing a complete and adapted cyber compliance program.
Information system security is not a new concept, but it is being revolutionized by new uses in IT. The cyber threat is evolving and the security measures implemented by companies must be revised accordingly. Developing your IT security should allow companies to better arm themselves against these new threats but also to comply with your security obligations, which are increasingly numerous and demanding.
Our law firm supports you on all of these topics, and in particular in order to:
- Raise awareness among your employees about good practices in IT security (via cybersecurity training sessions) ;
- Draft your cybersecurity compliance documentation (data breach management policy, PSSI, PAS, PCA, IT charter, security reference, compliance questionnaires for your subcontractors, etc.) ;
- Support you in drafting and negotiating your contracts with your customers and service providers (liability clauses, security audits, enhanced IT security requirements in the event of remote storage of your data – SaaS contracts, Cloud, etc.) ;
- Carry out, in collaboration with your teams, impact analyses for all your risky data processing.
Our team also assists its clients in crisis management, and in particular by supporting them in the event of a cyberattack, via the following actions :
Definition of the remediation and communication strategy ;
Assistance in assessing the risk to the rights and freedoms of the persons concerned ;
Drafting the necessary communications to the competent authorities (ANSSI, CNIL, and sectoral authorities such as the ACPR, ANS, etc.) ;
Drafting and filing any criminal complaint, monitoring the criminal procedure ;
Drafting the communications made, where appropriate, to the persons concerned ;
Specific support can also be provided by our teams, accompanied by
our partners, in order to assist you in your anonymization,
pseudonymization or encryption processes for your data. Technical
security audits and pentests may also be conducted in order to test
the robustness of your security measures.