Cybersecurity – Strategies For In-House And General Counsel

Cybersecurity – Strategies For In-House And General Counsel

Cybersecurity remains at the forefront of serious concerns affecting the legal market. Often in-house and general counsel are actively involved in stopping these data breaches and preventing lasting impact for corporations.

Data security is a universal issue across legal specialties and continues to change and evolve rapidly. It’s key for legal professionals to remain up-to-date on this complex and multifaceted issue. Read more from Modern Counsel and hear from legal experts about the topic of cybersecurity.

To learn more about cybersecurity in the legal field, download the complimentary report from Modern Counsel, The General Counsel’s Guide to Digital Defense. The Legal Side of Cybersecurity below.


Managing security in hackers’ most targeted industry

The financial services industry is a favorite target of cyber criminals, but the brunt of such attacks is felt by more than the institutions. Why everyone has a stake in the fight for cybersecurity

Greg McShea - Janney Montgomery Scott LLC - Cyber Security
“If cybersecurity isn’t in your top three priorities, it should be,” says Greg McShea, senior vice president and general counsel of Janney Montgomery Scott LLC, a full-service financial services firm and subsidiary of the Penn Mutual Life Insurance Company.

Financial service businesses rank first among industries targeted for cybercrime. But industries are universally impacted by security threats and attacks. Learn more about why every industry and corporation has a stake in the fight for cybersecurity.

Financial services companies lost an average of $23.6 million to cybersecurity breaches in 2013—up nearly 44 percent from the prior year. That’s a higher average annualized cost than any other sector. Security breaches impact the bottom line, costing millions of dollars while disrupting business and damaging trust. “If cybersecurity isn’t in your top three priorities, it should be,” says Greg McShea, senior vice president and general counsel of Janney Montgomery Scott LLC, a full-service financial services firm and subsidiary of the Penn Mutual Life Insurance Company.

Cybersecurity is an area where the interests of regulators, the regulated, and clients are all aligned, McShea says. And as a result, regulators and firms are collaborating and sharing information in the area of cyber crime more than ever.


The financial services
industry ranks first among
26 industries most targeted
by cyber criminals.

$23.6 M

The average annualized cost of cybersecurity breaches for a financial services firm in 2013 was $23.6 million.


of cyber attacks are
successful in less
than 24 hours.

The Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority often host seminars and invite leaders from Janney and other firms to participate on panels where they can share best practices on combating security threats. Trade organizations also sponsor meetings to help the industry stay current on the latest trends. “If a firm has a problem, the entire industry gets a black eye for it,” McShea says, “so there’s mutual interest to be on top of this and locked arm-in-arm.”

Regulators frequently examine firms to ensure they have the proper safeguards in place. The SEC recently came out with a new list of exam priorities with respect to cybersecurity. Companies can face fines and penalties for failing to comply with regulations or protect customers’ information. Many states have employee and customer protection statutes, and there’s also civil exposure from litigants, something that Janney has been fortunate to avoid thus far. Some of the liability is shifting from banks and financial services firms to merchants. New regulations took effect in October 2015 that hold business owners responsible for fraudulent transactions when credit cards embedded with security microchips are used.

The investing public is slowly recovering from the 2008 financial meltdown and Bernie Madoff crisis, McShea says. That’s why protecting clients’ personal information from cyber attacks is a good opportunity for the industry to restore trust and confidence. The opposite also holds true. “We can ill afford a significant breach of any kind,” he says.

One of the biggest challenges lies in the constantly evolving nature of the hackers. While firms work within their four walls to protect client data, clients themselves can be hacked through personal e-mail takeovers and other fraud. The types of hacks are ever-changing and becoming more sophisticated. Janney works closely with clients whose information may have been compromised. For example, if a client’s e-mail is hacked, the company will work with the client to change account numbers and speak to them about the importance of password protection. “Many times that’s where it begins and ends,” McShea says.

Other best practices include third-party testing of systems and controls, penetration testing, strong access rights inside and outside the firm, and controlling access to information when employees leave the firm. Strong governance and employee training also help firms stay on top of the issue. “It’s an evolving iterative process,” McShea says. “It’s about remaining adaptable and humble because if something looked good and appropriate a year or six months ago, it may not necessarily be the case today.”


More About Cybersecurity

Steve Fabrizio - Motion Picture Association of America (MPAA) Doug Sandberg - Worldpay Jeff True - Palo Alto Networks

Not Another Napster

The Motion Picture Association of America continues to tackle the difficult problem of copyright infringement and illegal downloading. The organization is now fighting against the theft of intellectual property with regulations, litigation, and new tools, such as voluntary initiatives. Read more…

Transaction Approved

The acquisition of SecureNet by Worldpay, a payment processing company, reflects the overall evolution of the industry toward improved security and diminished fraud threats for credit card transactions. See where the company began in 2002 and how Wordplay is positioned for continued growth. Read more…

Unseen Armor

Cybersecurity and the need to keep companies, citizens, and data secure, is at the top of the priority list for organizational leaders, government agencies, and service providers. Following cyber-attacks on several large corporations, Palo Alto Networks launched a new initiative, the Cyber Threat Alliance, to encourage information sharing among security companies. Read More…

Read additional articles related to cybersecurity risks and legal professionals battling against them in Modern Counsel.