In today’s increasingly interconnected world, the fields of law and technology are converging like never before. The panel discussion on “Cybersecurity” at the “Digital Safeguards” event organised by the Malta Information Technology Law Association (MITLA) shed light on the growing importance of bridging the gap between legal and technology expertise to effectively address the complex challenges posed by cyber threats and in light of the vast breadth of frameworks which address these risks, and which are being introduced at a regional EU level.
Traditionally, legal professionals and technology experts were seen as distinct entities with separate areas of expertise. However, the rapidly changing cyber landscape has somewhat blurred this strict separation.
With the rise of cyber-attacks, scams and hacking incidents, legal professionals need to better understand the complexities surrounding these risks whilst technologists need to obtain a better understanding of the liabilities they entail. By merging legal knowledge with technological understanding, both specialists can better advise their clients on navigating the legal aspects of cybersecurity. This includes providing guidance on frameworks, compliance requirements, and implications for responsibilities and burdens of proof.
The discussion emphasized that cybersecurity is no longer solely a technical issue. It has far-reaching legal implications, partly mandated by regulatory compliance across various sectors, including financial regulation, gaming regulation, telecoms, product safety, product liability and naturally – privacy laws. Legal professionals well-versed in technology can help ensure compliance with data protection, cyber resilience, cybersecurity regulations, advise on contractual agreements related to technology, and guide organizations on incident response and breach notification requirements.
Moreover, technology professionals equipped with a level of legal knowledge can bridge the gap between technical capabilities and legal requirements. They can design and develop systems that align with regulatory standards, integrate privacy-by-design principles, and contribute to the implementation of effective cybersecurity measures.
The merging of skills between legal and technology professionals enables organizations to take a comprehensive and proactive approach to cybersecurity. By aligning security strategies with legal frameworks, they can mitigate risks, ensure compliance, and respond effectively to incidents. Collaboration between these professionals fosters a deeper understanding of both the legal and technical aspects of cybersecurity, leading to better informed decision-making and setting up stronger defences against cyber threats.
The panel also discussed the ongoing trend of harmonizing legislation related to cybersecurity risks and deficiencies. The European Union has been actively updating legislation to include or clarify cybersecurity risks and their legal implications.
Liability emerged as a core concern during the discussion. Cybersecurity breaches have significant implications, not only in terms of regulatory consequences but also in relation to third-party liability. The evolving legal landscape, such as the NIS2 (Network and Information Systems Security) directive, even introduces the stark reality of personal liability for the management board tasked with implementing cybersecurity risk-management and reporting. The integration of legal and technology skills enables professionals to navigate these liability issues and provide comprehensive advice.
While some may argue that regulatory initiatives and compliance efforts increase costs, the panellists achieved consensus on the necessity of such measures. Cybersecurity breaches are inevitable, and when they occur, the legislative frameworks and obligations become crucial factors in determining liability. Organisations of every size including SMEs, must adapt to the growing cyber-first agenda and prioritise security measures. Even smaller consumer-facing businesses rely heavily on online transactions and email communications, making cybersecurity a fundamental aspect to consider.
Dr Deo Falzon, Senior Associate at Fenech & Fenech Advocates and Keith Cutajar, Court Expert in Digital Forensics