Incident Response
Incident response to ransomware attacks
Cyber attacks are on the rise worldwide and pose a serious threat to Swiss companies and organisations in particular. They result in significant financial loss, data leakage and reputational damage. Effective incident response management, including legal support, crisis management and forensic investigation, is therefore essential.
Obligations under the Data Protection and Information Security Act
Since 1 September 2023, the revised Swiss Data Protection Act (DPA) imposes stricter obligations on companies in the event of a data breach. Companies are now required to notify the Federal Data Protection and Information Commissioner (FDPIC) immediately if the breach is likely to pose a high risk to the personality or fundamental rights of the data subjects.
The EU GDPR requires companies to respond quickly to data protection incidents, notifying the supervisory authority within 72 hours if there is a risk to data subjects. In the case of serious breaches, data subjects must also be informed. Companies must take preventive measures, such as risk assessments and technical safeguards, to avoid incidents. Effective incident response management ensures that legal requirements are met and damage is minimised.
Reporting to supervisory authorities is a key tool for enforcing data protection and compliance requirements. The content of these reports has an impact on the course of supervisory procedures, which are organised differently depending on the authority or country. As a rule, the involvement of legal specialists is recommended for the management of these supervisory procedures.
Aspects of criminal law
Cyber attacks, particularly ransomware attacks, are a criminal offence. Companies should consider filing a criminal complaint with the appropriate law enforcement authorities. This may help identify the perpetrators and prevent further attacks. Depending on the specific situation, it is recommended to consult specialised lawyers on how to communicate with the authorities.
The payment of ransoms raises legal, ethical and strategic issues. For example, anti-terrorism legislation or national and international sanctions raise questions about ransom payments. Legal advice is essential in this context.
Communication
Transparent and efficient communication management is essential. Internally, communication with employees is key to managing losses and preventing knee-jerk reactions. Externally, it is important to inform customers, partners and, if necessary, the public in an appropriate and structured manner.
In addition to internal and external communication, communication with the National Cyber Security Centre (NCSC), now the Federal Office for Cyber Security (BACS), must be ensured. If natural persons are affected, the FDPIC must be involved in the process. Companies and individuals may be subject to a range of reporting obligations.
Liability issues
By working closely with IT experts and specialist lawyers, responsibilities can be clearly defined, potential claims investigated and appropriate legal action taken.
LAYER 8 takes care of the legal aspects at the intersection of technology and organisation. Thanks to our specialist training and experience, we can provide you with efficient and targeted support in dealing with cyber attacks.
LAYER 8 further focuses on:
- Advice on detecting and preserving evidence of cyber attacks (internal and external attackers)
- Dealing with ransomware attacks, hacking incidents or data leaks
- International legal and administrative assistance support
- Crisis communications with employees (internal), customers and clients (external), authorities (investigating authorities, prosecutors) and the media
Contact us
Tell us about your needs during a personal meeting or in advance by mail: