Summary Section Content 1Three Rules for Best of Class Cybersecurity Strategies Cybersecurity crosscuts information technology, management science, public relations, and law. Developing and implementing a cybersecurity strategy, and responding to a cybersecurity breach is, of necessity, a team effort. Best of class cybersecurity strategies address both technical and legal risk. The first rule of a best of class strategy is that cybersecurity is not a state – it is a process. Technologies advance daily, as do the abilities of cybercriminals. Cybersecurity strategies need to develop and change in step with the relevant technologies. A strategy that was best of class in 2012 is not best of class today. The second rule of a best of class strategy is that, because the general nature of the threat is known, and because experience has taught us the potential consequences of the cyberattack, it is possible to plan proactively, and on an ongoing basis. An ounce of prevention is worth a pound of cure. Best of class cybersecurity strategies identify emerging threats and adjust processes and mechanisms accordingly, before the fact. The third rule of a best of class strategy is that even the best systems can and will fail. An organization can reduce the possibilities of a breach, but never eliminate them. A best of class strategy anticipates and plans for failure. It is ready to react immediately in a way that minimizes loss. A best of class cyber strategy has a tried and tested response plan.Taken together, these rules demonstrate that best of class cyber security strategies need to manage, respond and remediate We experienced a significant data security breach in the fourth quarter fiscal 2013 and are not yet able to determine the full extent of its impact and the impact of government investigations and private litigation on our results of operations— Target Corporation, Securities Exchange Commission Form 10Q, filed March 14, 2014 Publications & Presentations Section Content 2 (PDF, 670 KB)Interviewed (starts at 1:22) (Ira Nishisato), "Hackers breach Forces.ca, redirecting users to official Chinese state website," CityTV, November 17, 2016. Quoted (Ira Nishisato), "Third-party service providers can be ‘hornets nest’ in cyber security: ICRMC speaker," Canadian Underwriter, April 2, 2016.Speaker (Ira Nishisato), "Operationalizing Incident Response," ICRMC — From Governance to Response: An Advanced Cyber Risk Management, Toronto, April 1, 2016. Quoted (Ira Nishisato), "Unto the [Data] Breach," Corporate Risk Canada, Winter Edition 2015.Quoted (Ira Nishisato), "Cybersecurity Comes to the Boardroom," Lexpert® Magazine, October 2015.Interviewed (Ira Nishisato), "Cybersecurity the top business risk for 2015," Business News Network, December 23, 2014.Publications "Cybersecurity Guidance for Small and Medium Size Enterprises", January 2017"Cyber Risk Management — Phishing", December 2016"Data Security Incident Response Plans — Some Practical Suggestions", December 2016"Guidance for Defending and Responding to Ransomware Attacks", November 2016"CASL Enforcement Decision — Sending Messages Without Consent", October 2016"Cyber Risk Management – G7 Cybersecurity Guidelines For The Financial Sector", October 2016"Cyber Risk Management — Regulatory Guidance From The Canadian Securities Administrators", September 2016"Cyber Risk Management – New York State Regulation For Financial Institutions", September 2016"CRTC Settles Alleged CASL Violation — Messages Sent Without Consent", September 2016"Canada’s Anti-Spam Legislation – Regulatory Guidance", August 2016"Cyber Risk Management – Legal Privilege Strategy – Part 2 ", July 2016"Autonomous Vehicles", July 2016"Cyber Risk Management – Legal Privilege Strategy – Part 1", July 2016"Cybersecurity Guidance From Investment Industry Organization", May 2016"Cyber Incident Response Plans — Test, Train And Exercise", May 2016"Do insurers have a duty to defend as a result of a failure to comply with PCI — DSS", May 2016"Government Guidance for Preventing and Responding to Ransomware Attacks", April 2016"Internet of Things: OPC Publishes Research Paper on Privacy and Security Risks Associated with Retail and Home Environments", February 2016"Apple’s encryption fight against the U.S. government could spill into Canada", February 2016"Cyber Risk Management — Insider Risk", February 2016"Warrant Issued For Malware Under Canada's Anti-Spam Law", January 2016"Cyber Risk Management — PCI DSS Requirements For Incident Response Plan", January 2016"An Introduction To PCI DSS", January 2016"Cybersecurity Guidance From Investment Industry Organization", January 2016"European Parliament, Council, and Commission agree on draft of first EU-wide cybersecurity legislation", January 2016"Cybersecurity Indictment Unsealed on Theft of 100 Million Records", November 2015"Sedona Conference Publishes Information Security Guidelines for Law Firms", November 2015"Cyber-Risk Management — Data Incident Notification Obligations", October 2015"Privacy Commissioners Issue Guidance for BYOD Programs", October 2015"OCIE Embarks on Second Round of Investigations Into Cybersecurity Among Registrants", September 2015"Class Action by Banks against Target Certified", September 2015"Internet of Things and Cybersecurity", August 2015"Regulatory Guidance For Safeguarding Personal Information", June 2015"Intelligent Buildings and Cyber Security", June 2015"U.S. Securities and Exchange Commission Issues Cybersecurity Guidance Update", May 2015"U.S. Department of Justice Issues Guidance for Cyber Incident Planning and Response", May 2015"How much cybersecurity is enough?", April 2015"Cybersecurity In M&A Transactions", April 2015"Outsourcing, Procurement and Cybersecurity", April 2015"Cyber-Risk Management – Guidance for Corporate Directors", April 2015"Cyber-Risk Management Guidance From Financial Institution Regulators", March 2015 Representative Work Section Content 4BLG litigators act and have acted in some of the most notable cybersecurity cases in the country.BLG is defending one of the first class actions brought under the “intrusion upon seclusion” breach of privacy tort. The case is likely to be precedent-setting, in what is considered by many observers to be the fastest-growing area for class actions. BLG represents a “Big Five” Bank being sued for the criminal actions of a rogue employee alleged to have breached the privacy of customers of the Bank, which included electronically stored information. The matter will be proceeding to a common issues trial, which will decide novel legal issues, including whether an employer can be vicariously liable for its employees’ breach of privacy.BLG represented a financial services regulator named as a defendant in a class action regarding the loss of personal information contained on a portable computer. BLG was successful in obtaining the dismissal of the certification on the basis that the representative plaintiff suffered no compensable harm since his personal information was not used fraudulently.BLG presented a major automobile financing company named as a defendant in a class action regarding the loss of personal information that was stored on a data tape which was lost during transit. BLG was successful in obtaining a dismissal of the certification of the class action on the basis that the representative plaintiff suffered no compensable harm since his personal information was not used fraudulently.BLG represented a leading Internet search engine named as a defendant in a potential class action (now at the pre-certification stage) on behalf of persons whose electronic data was allegedly transmitted over unsecured wireless internet connection and whose personal information was allegedly intercepted.BLG represented a New York-based broker-dealer prosecuting an action to obtain emergency injunctive relief against a computer network service provider which refused to provide it with administrative passwords necessary for it to access essential functions such as email and the ability to print.BLG represented a major automobile financing company named as a defendant in a class action regarding the loss of personal information that was stored on a data tape which was lost during transit. The class action was certified on the basis that the representative plaintiff alleged that his personal information was used fraudulently.BLG represents numerous hospitals and healthcare institutions facing potential or actual claims relating to health care information, ranging from small individual breaches and large situations involving loss or theft of data storage devices.