Garance Mathias: "Every company should be prepared for the eventuality of a cyber-attack"

The Founding Partner of Mathias Avocat is an expert in advanced technology, data security and intellectual property. She tells Leaders League how companies can successfully navigate cybersecurity and data-protection issues.

Posté le Monday, June 28th 2021
Garance Mathias: "Every company should be prepared for the eventuality of a cyber-attack"

Garance Mathias

Leaders League: Have companies been able to adjust to the new data-security reality under the GDPR?

Garance Mathias: By accompanying companies in compliance procedures or as an external data protection officer (DPO), I
have observed that the obligation to guarantee the security of personal data imposed by the General Data Protection Regulation (GDPR) has been, on the whole, observed by companies, even if it has left room for
some concerns. The CNIL’s deliberations on this subject help internal security stakeholders to identify the best practices to adopt. The GDPR is not the only regulation aiming to raise companies’ level of data protection. European and national regulations are converging towards a real awareness of the issues involved in cybersecurity. What we have seen through the firm’s practice is that companies now engaged in a serious process of complying with the GDPR are anticipating this global tightening of security requirements and have got to grips with the challenges of cybersecurity. Thus, our approach integrates risk management and allows our clients to benefit from a global legal support by taking into account their needs, their resources and the specific issues related to their sector of activity.

The two main tools available for companies to enhance the value of
their intangible capital remain intellectual property and trade secret

 

What is the legal arsenal helping companies to prevent and fight cyber-attacks?

The potentiality of a cyber-attack is now a reality for which each company should be prepared. As the current context has shown, there are increasing numbers of security breaches being discovered and
the methods used by the cyber-attacker are constantly evolving. Suffering a cyber-attack is a major crisis, even for the best prepared companies. In such cases, one of the first steps is of course to establish
the scope of the attack and its consequences, even if some of them may be felt in the longer term. The question of filing a complaint must also be asked. The police divisions specialized in the fight against cybercriminals are important advisors on these issues. Some companies may be
tempted to respond by using hackback techniques, but these are not without legal risks. Indeed, a company using these techniques may be in contravention of the automated data processing system (or STAD). We therefore advise our clients on choosing the right strategies.

 

How do you think we can better protect and enhance the value of information assets in the digital age?

The rise of digital technology only reinforces an already marked trend towards the increasing value of information assets. The two main tools available for companies to enhance the value of their intangible capital
remain intellectual property and trade secret. Intellectual property is a strategic tool that, if properly used, can enhance the value of innovations and creations and strengthen a company’s credibility with its potential investors and partners. Intellectual property enriches the company’s intangible capital in a quantifiable way, giving it a competitive advantage. The main interest of intellectual property rights (trademarks, designs, patents, database producer’s rights, etc.) is for the company to benefit
from a monopoly over its competitors. In some cases the most critical assets cannot be protected by intellectual property, such as algorithms or know-how. As they are often the product of years of investment and research, protection through the application of trade-secrets legislation will make sense here. However, it is necessary to ensure that adequate
confidentiality obligations and measures to protect these secrets have been put in place. It is in the interest of any company to consider the most appropriate legal strategy for each project and each innovation.
Our role is to provide operational and appropriate support and advice on
the legal strategies most likely to enable the company to achieve its objective.