The Rising Tide of Cybersecurity: Why Legal Compliance Isn't Optional Anymore

The Rising Tide of Cybersecurity: Why Legal Compliance Isn’t Optional Anymore

“We’ve never had as many cyber attacks as now, and as our lives move to the digital sphere, cybersecurity risks get amplified,” warns Professor Andrej Savin of Copenhagen Business School during a recent Platforum9 session. His insights reveal how cybersecurity has evolved from a technical issue to a fundamental business and legal concern.

Beyond the Hacker Stereotype

The reality of cyber threats defies common perceptions. “People have this image of Russian or Chinese hackers, but it isn’t like that at all,” Savin explains. “It can be something as banal as your servers in the basement getting flooded and you don’t have a backup copy, or picking up a corrupted USB key found in the parking lot.”

The EU’s Legislative Response

Europe has taken the lead in cybersecurity regulation, introducing a wave of new legislation:

NIS2 Directive for essential cybersecurity
DORA regulation for financial cybersecurity
Cyber Resilience Act for digital products

These laws affect approximately 150,000 companies directly, but their impact extends far beyond through supply chain requirements.

The Risk-Based Challenge

What makes these regulations particularly challenging is their approach to compliance. “EU digital regulation insists on risk-based compliance,” Savin notes. “You basically push the task of assessing risk from the legislator to the companies.” This represents a fundamental shift from traditional checkbox compliance to ongoing risk assessment and management.

The Insurance Dilemma

While insurance might seem like an obvious solution, Savin explains why it’s problematic: “The whole insurance business lives on this delta between what we know you charge and the risk that something will happen – and nobody knows, nobody can assess this risk properly.”

The Management Imperative

Perhaps most significantly, these regulations place direct responsibility on senior management. “These laws demand active involvement on the management side,” Savin emphasises. “This is not something that you can push to legal.” The stakes are high, with potential fines, management liability, and reputational damage all on the line.

For law firms and their clients, the message is clear: cybersecurity compliance isn’t just another regulatory burden – it’s a fundamental business necessity. As Savin concludes, “Good cybersecurity compliance is also good value… but companies often realise it once the damage is done, once they get hacked, once they get data stolen. And then, of course, it’s often too late.”

Is AI Making Lawyers Lazy or Efficient? A Legal Technology Debate

Peak Performance for Lawyers: Maximising Mental Energy

Change Management for Law Firms: Overcoming Natural Resistance

Leading Change in Uncertain Times: A Framework for Leaders in Law

How Law Firms & Legal Tech Vendors Can Best Work Together

Is AI Making Lawyers Lazy or Efficient? A Legal Technology Debate

Peak Performance for Lawyers: Maximising Mental Energy

Change Management for Law Firms: Overcoming Natural Resistance

Leading Change in Uncertain Times: A Framework for Leaders in Law

How Law Firms & Legal Tech Vendors Can Best Work Together

What In-House Counsel Really Want From Their External Lawyers

Corporate Governance, AI and Cybersecurity: Bridging the Gap Between Legal and Business Worlds

Building Your Brand on LinkedIn

Baby Steps to Building Your AI Use Cases in Legal

Peak Performance for Lawyers: Optimise Physical Energy

How to Choose Your Legal Tech Solutions

How Legal Tech Enhances Efficiency in Managing the Board

Why Legal Design Matters: Transforming Legal Services Through Design Thinking

How ALSPs Are Driving Innovation in Legal Services