Jump to main content

Cyber Security

We advise our clients on all aspects of cybersecurity, including cyber incidents, compliance with regulatory and sector-specific requirements, strategic guidance, contact with authorities and handling of cyber incidents.

With increased digitalisation and outsourcing of business processes comes the risk of unwanted cyber incidents and thus heightened requirements for businesses to protect digital assets and values. 

Globally, it is estimated that cybercrime costs businesses and society several trillion NOK annually - and the volume is constantly increasing. All businesses will sooner or later experience cyberattacks or incidents of a more or less serious nature. In the worst case, it can put businesses out of operation. In order to limit damage and ensure proper handling, it is therefore crucial that the business is prepared and has a contingency plan in place when cyberattacks or incidents occur.

In addition, cybersecurity is increasingly subject to legal regulation, such as GDPR, the Digital Security Act, NIS2, and DORA. Failure to comply with such regulations can be sanctioned with fines and personal liability. The cornerstone of good cybersecurity is to identify and assess risks, as well as implementing appropriate technical, organisational and legal measures to ensure an adequate level of cybersecurity, and most importantly being able to demonstrate it. Cybersecurity is therefore no longer just an operational task for the line management, but also a matter that concerns top management and boardrooms.

We have some of Norway's leading centres of expertise within IT and privacy, compliance, corporate law and litigation, with top rankings in all areas.

We offer

  • Handling of cyber incidents. Assistance with the identification of legal issues and risk mitigation measures in the aftermath of cyber incidents, such as phishing, CEO fraud, ransomware, malware, man-in-the-middle attacks, denial of service, email hijacking, social engineering, identity theft, etc. We assist with risk assessments, evidence preservation, stakeholder management (customers, suppliers, employees, etc.), in co-operation with security experts.
  • Compliance with cybersecurity requirements. Advising on compliance with current and potential regulatory requirements for cybersecurity, such as legislation (NIS2, DORA, Security Act, Digital Security Act, GDPR and CRA), as well as industry-specific requirements (e.g. in the power and maritime industries). We also assist businesses with guidance related to ISO 27000 certification. Our assistance typically includes conducting surveys, gap analyses  and advice on how clients can coordinate the various regulatory requirements they are subject to at the same time.
  • Internal control and governance. We assist in establishing internal control for cybersecurity-related aspects adapted to the client's legal obligations and needs, such as cyber incident response plan (CIRP), control measures for employees, notification routines to public authorities, annual wheels and reporting templates.
  • Contracts. We assist clients in IT procurements, negotiations with suppliers, risk assessments, security requirements, audits, force majeure, liability, specifications, etc. Our experts ensure that contracts fulfil requirements based on best practices for preventing digital threats, managing non-compliance and complying with regulatory requirements. We also conduct general reviews of agreements, supply chains and data flows.
  • Government handling. We assist clients with notifications to supervisory authorities such as the Norwegian Data Protection Authority, the National Security Authority (NSM), the National Communications Authority (Nkom) and the National Cyber Security Center (NCSC), as well as the police. We also assist in the follow-up and handling of cases against the authorities.
  • Board and management. We tailor cybersecurity training programmes for executives and board members. We also advice businesses on how cybersecurity can and should be put on the agenda of management and the board. We also offer simulation exercises (tabletops).
  • M&A. We ensure that the due diligence process identifies and assesses potential cybersecurity risks, and we draft robust contract terms that protect the interests of the business.
  • Cyber-related dispute resolution. Our legal expertise in cybersecurity is invaluable when dealing with cyber-related disputes, for example with service providers and insurers. With our in-depth understanding of the underlying facts combined with leading-edge litigation expertise, we can offer optimal assistance in cyber-related disputes. 
Contacts

Read our articles on Cyber Security

15/02/2024

Managing cyber risk

All companies face the risk of cyber-attacks. In general, the question is when and not if an attack will strike. Companies should therefore strengthen their cyber resilience and implement robust measures to be prepared to handle all aspects of an attack if/when it occurs.