Canadian Lawyer InHouse

3 CANADIANLAWYERMAG.COM/INHOUSE MARCH 2017 www.canadianlawyermag.com/inhouse Director/Group Publisher: Karen Lorimer karen.lorimer@thomsonreuters.com Managing Editor: Jennifer Brown jen.brown@thomsonreuters.com Copy Editor: Patricia Cancilla Art Director: Steve Maver Account Co-ordinator: Catherine Giles Sales and Business Development Business Development Consultant: Ivan Ivanovitch ivan.ivanovitch@tr.com 416-887-4300 Client Development Manager: Grace So grace.so@tr.com 416-903-4473 Account Manager: Kimberlee Pascoe kimberlee.pascoe@tr.com 416-996-1739 Account Executive: Steffanie Munroe steffanie.munroe@tr.com 416-315-5879 Canadian Lawyer InHouse is published 6 times a year by Thomson Reuters Canada Ltd., One Corporate Plaza 2075 Kennedy Rd., Toronto ON. M1T 3V4 (416) 298-5141. Fax : 416-649-7870 Web: www.canadianlawyermag.com/inhouse LinkedIn: www.goo.gl/9tytr Twitter: @CLInHouse Editorial advisory board: Sanjeev Dhawan, Hydro One Networks Inc.; Jonathan Lau, Alcohol and Gaming Commission of Ontario; Fernando Garcia, Nissan Canada; Joe Bradford, Bradford Professional Corp; Dorothy Quann, Xerox Canada. All rights reserved. Contents may not be reprinted without written permission. The opinions expressed in articles are not necessarily those of the publisher. Information presented is compiled from sources believed to be accurate, however, the publisher assumes no responsibility for errors or omissions. Canadian Lawyer InHouse disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication. Publications Mail Agreement #40766500 ISSN 1921-9563 Copyright © 2017 H.S.T. Registration #R121349799 To subscribe or change addresses Call (416) 649-9585 Fax (416) 649-7870 or e-mail Keith Fulford at keith.fulford@thomsonreuters.com RETURN UNDELIVERABLE CANADIAN ADDRESS TO: CIRCULATION DEPARTMENT One Corporate Plaza 2075 Kennedy Rd., Toronto ON. M1T 3V4 By Jennifer Brown Editor's Box SEND YOUR news AND story ideas TO jen.brown@thomsonreuters.com The next frontier: cybersecurity A s you will read in both our cover story "The era of no excuses" and the interview I did with VIA Rail's Denis Lavoie in the Quebec report, the challenge of managing the various risks around cybersecurity is landing with a thud on the desks of in-house counsel. During a recent panel at the Ontario Bar Association's February conference in Toronto, Manju Jessa, assistant general counsel at RBC, moderated a discussion on managing outside counsel effectively. Jessa said one of the priorities for the bank is knowing how secure the information shared by RBC is when going back and forth to its external law fi rms. The concern, she said, is two-fold, including knowing how secure email in the fi rm's communication is, but RBC also wants its law fi rms to let them know whether the fi rms are at risk of attack and what kind of data is potentially being breached. Law fi rms are increasingly becoming targets by those looking for competitive intelligence or merely by virtue of who they are and who they represent. Add that threat to the growing cybersecurity concerns keeping in-house counsel up at night. What I found interesting is that there wasn't any followup on Jessa's comments in the rest of the discussion. Rather, it evolved into more of the usual talk about improving relationships with in- house and outside counsel (or how to politely end them). But the fact cybersecurity concerns are bubbling to the top of the conference circuit is proof that cyber-risk is moving to an elevated level for many sophisticated in-house lawyers and it's the boardroom. As Lavoie told me, in the last two to three years, cyber-risk has become a larger concern at VIA. In November, VIA's legal team went to its board of directors with a new proposal for cyber-insurance and Lavoie is working on it with the company's broker to put a new policy in place. On the prevention side, he is working closely with the IT group to build an infrastructure process to protect against a cyberattack. David Laliberte, general counsel of Groupe Média TFO, told us the same thing in the cover story when he said the board of his organization put it on the agenda to review the organization's policy with respect to confi dential information and how to protect it. This fi ts with results of the Association of Corporate Counsel Foundation report: the State of Cybersecurity Report (2016), which found that not only were company and law department budgets growing in this area but 59 per cent of the CLOs surveyed expected their law department's role in cybersecurity to increase. The rated importance of data breaches has increased by seven percentage points since the 2013-14 survey was conducted. For those in health care and education, it is of extreme importance likely because of the cost associated with a breach — both reputational and dollar value — but I fi nd it hard to believe it's not considered "extreme" for everyone. If you aren't already doing it, it's probably a good game plan as in-house counsel to raise the level of involvement you have in managing the risk around cyber-threats. It's no longer about knowing how to react to a breach; it's about doing all you can to prevent it in the fi rst place.

• Cover