Kelly Nicholson (Field Law) was the Chair of this panel. Panel participants were Linda Dalgetty (Vice President (Finance and Services), University of Calgary) and Justin Fong (Partner, Cyber-Security Division, Deloitte).
 
Justin detailed how cyber-attacks have risen to number five on the world's top threats list. As the data volume of our organizations increases, so too does our risk of attack. There are a number of different kinds of "hackers" (from casual limited attacks to advanced, persistent threats from hostile nation-states). Alarmingly, most cyber-attacks go unnoticed at first: it takes an average of 241 days to detect an attack and begin to respond.
 
In May of 2016, the University of Calgary suffered a catastrophic ransomware attack affecting a number of key areas. Linda Dalgetty discussed the importance of utilizing your resources (including following insurance recommendations) and ensuring your board of governors is ready to respond in a timely manner. It cannot be assumed that everyone involved will understand the IT language and issues presented, and it is important to find a common language between parties in order to develop an effective response. She offered guidance on how to stay proactive and consistent in external messaging, and discussed the risk-balance approach that the University ultimately decided to take. For the University of Calgary, reputational risk was the most important component of their decision to pay the ransom. The nature of the University's research work meant a loss of data could risk the loss of an employee's lifetime of valuable research and development work.
 
Justin and Linda emphasized that there are a number of steps an organization can take to prepare for a cyber-attack and respond in a timely manner. In these situations, the first 24 hours are critical. Running regular, thorough assessments of your operational, reputational, and financial risks will ensure you and your organization are not caught unaware by one of the biggest threats of the modern era.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.