Lani M. Duffy and Richard A. Walawender of Miller Canfield write:
The U.S. government and military experts have been warning U.S. companies that Russia may launch significant cyberattacks against critical infrastructure, financial institutions and businesses in retaliation for the sanctions imposed against Russia. Last week, the Cybersecurity & Infrastructure Security Agency (established in 2018 under the Department of Homeland Security) made available on its website free services and tools for U.S. companies to enhance their cybersecurity risk management capabilities. Now is the time for companies to ensure that they undertake a comprehensive risk assessment and implement the necessary cybersecurity measures to mitigate potential liability in the event of a cyberattack.
The Legal Landscape
A cyberattack exposes a company to two major legal risks. First, if the cyberattack causes a significant disruption, shutdown or delay in performance, a company may not be protected from liability with a contractual force majeure clause or other theory of law. Second, depending on the scope and type of data impacted, there may be liability under data privacy laws and regulations.
Read more at The National Law Review.