Catherine Phillips
PSL Principal Associate
Article
6
Highly publicised incidents affecting sophisticated and global businesses such as Facebook and the NHS demonstrate that cyberattacks have the potential to affect almost any borrower.
Whilst these risks cannot be eradicated, the consequences for lenders can be managed. In this Insight our Banking and Finance experts explore ways in which we can help you to protect existing and future investments.
Information is valuable yet vulnerable. Most borrowers hold some degree of digitally stored sensitive, confidential and personal information. Some handle significant amounts of funds. Many are also involved in enabling commercial transactions to take place and completing these transactions online. Each online step provides opportunities for interference.
Borrowers may also be underprepared. Some lack the proper policies, procedures and precautions required to prevent an attack. Some are affected by vulnerabilities created in their supply chain by third party contractors and suppliers. And it is not just SMEs that suffer; the highly publicised attacks on Facebook and the NHS have demonstrated that large, sophisticated and global organisations can be just as vulnerable as smaller enterprises.
The Cyber Security Breaches Survey 2018 reported that:
Combine these statistics with the potential impact that an attack can have on a borrower's reputation and service delivery and it seems to be a good time to take stock of what can be done to protect a lender's investment against the cyber risks that are facing borrowers.
Any business disruption can have an impact on a borrower's eventual success and cyber attacks have the potential to create problems with far reaching consequences. An attack could cause a minor complication, preventing access to systems for a few hours and incurring limited remediation costs. Alternatively, it could lead to the eventual demise of an enterprise, as per the data breach that eventually toppled Mossack Fonseca. A business may also be significantly affected if a data breach results in tampering with information.
As with so many other risk management strategies, preparation is key. If a borrower has taken steps in advance to protect a business against the opportunity for attack and put in place an appropriate disaster recovery or mitigation plan, this will minimise the potential for damage to the borrower's business and a lender's investment should an attack occur.
We recommend that the transaction documents are reviewed before entering into discussions with an affected borrower and that you talk to your legal advisers about the best way of granting leniency or documenting an amendment to the facility, if this is your aim. We will be able to guide you on the best way to protect your position and avoid inadvertently waiving your rights should enforcement action be required further down the track. Alternatively, if the interruption to business is more significant and time is of the essence, we can help you to quickly evaluate your options and take the right decision to protect your investment.
For further information on this topic you can read our article on understanding Digital Risk, or contact our experts whose details are given below.
NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.