Data / Technology / IP

Cyber Risk Readiness Assessment

Have you done your homework in the field of cyber security?

The current threat landscape clearly demonstrates: The chances of being hacked is high. Are you prepared and legally armed if it happens? Can you demonstrate your technical and organisational measures? Do you know your contractual and legal obligations in the event of a cyber attack?

Based on the experience of the MME Cyber Risk Incident Response Team we have developed a new product for our clients: the MME Legal Cyber Risk Readiness Assessment.

Our offer

Our experienced team of attorneys will conduct a comprehensive legal analysis of your security measures at a flat rate. We take into account legal provisions such as the General Data Protection Regulation (GDPR), the new Data Protection Act (DPA), the Information Security Act (ISA) and any other applicable special laws. We assess your current security measures and the required documentation, identify potential vulnerabilities and propose concrete measures adapted to your needs to minimise your risks in the event of a cyber attack (system failure risks, liability towards customers, fines, etc.).

If necessary, we also assess your technical set-up with the help of technical experts. This includes your network security, your data management, your technical security policies and procedures, and your overall security architecture.

Our Cyber Risk Readiness Assessment includes in particular:

  • Comprehensive risk analysis: We identify potential threats and risks to your company, both internal and external. This includes, for example, attacks from hackers, ransomware, phishing, social engineering and internal security breaches.
  • Vulnerability assessment and gap analysis: We check your IT infrastructure, processes and documentation for vulnerabilities and security gaps. Both technical and organisational aspects are taken into account. Assessment of vulnerabilities and risks in the supply chain. 
  • Contract analysis (agreements with suppliers; agreements with customers): Who is liable in case of a cyber attack? Riskallocation, exclusion of liability, information rights, etc.
  • Compliance check and legal aspects: We check whether your security measures and processes comply with the applicable legal provisions (in particular GDPR, DPA and Information Security Act ISA, but also special requirements from special laws and FINMA circulars) and are sufficiently documented. We also keep an eye on legal developments and international standards such as NIST2, the principles of the Basel Committee on Banking Supervision, ITIL v4, COBIT and the Digital Operational Resilience Act (Regulation (EU) 2022/2554).
  • We will prepare a corresponding report upon request.

Further support, if necessary:

  • Security strategy and planning: Based on the results of the risk analysis and vulnerability assessment, we develop a customised and risk-based security strategy for your company. This includes recommendations for adapting customer contracts and GTCs, supplementing technical and organisational measures to ensure identification, protection, detection, response and recovery in the event of security incidents.
  • Prevention and crisis management: We define or optimise emergency processes with you, define responsibilities and prepare for emergencies.
  • Incident Retainer: We offer an Incident Response Retainer, which allows you to secure our resources and proactively manage collaboration in case of an emergency.
  • Training and sensitisation: We support you in training the management (BoD, authorities, executive board) and your employees to strengthen their security awareness and keep them up to date on the latest threats and best practices.
  • Compliance: Our attorneys support you in ensuring that your security measures and processes comply with the applicable legal provisions (in particular GDPR, DPA and Information Security Act ISA, but also specific requirements from special laws and FINMA circulars) and are sufficiently documented.

In order to protect the board of directors and management (derivative corporate liability), we recommend a cyber risk readiness assessment in particular for authorities, organisations and companies that operate critical infrastructures in accordance with the Information Security Act:

  • Universities
  • Federal, cantonal and municipal authorities
  • Safety and rescue organisations ("blue light organisations"), supply of drinking water, waste water treatment and waste disposal
  • Energy supply, energy trading, energy measurement, energy control
  • Banks, insurance companies, financial market infrastructures
  • health care facilities that are on the cantonal hospital list
  • medical laboratories with a licence under the Epidemics Act
  • pharmaceutical companies
  • social security institutions
  • SRG
  • news agencies of national importance
  • Postal service providers
  • Railway, cableway, trolley bus, bus and shipping companies
  • Civil aviation companies, national airports
  • Major distributors (companies that supply the population with essential goods for daily use and whose failure or impairment would lead to considerable supply bottlenecks)
  • Telecommunications services
  • Registry operators and registrars of internet domains
  • providers and operators of cloud computing, search engines, digital security and trust services as well as data centres, provided they have a registered office in Switzerland
  • Manufacturers of hardware or software whose products are used by critical infrastructures

We are happy to be at your service.

Listings

  • Legal 500

    MME Legal | Tax | Compliance advises companies from the technology and telecoms sectors as well as banks and health care providers on a variety of TMT matters, including IP and data protection mandates. The team is well-versed in fintech, IT, gaming and distributed ledger technologies and assists with outsourcing, relocation and distribution projects as well as advising on contractual matters. Practice head Martin Eckert specialises in blockchain and software issues, while Michael Kunz acts on technology transfers and focuses on fintech mandates and the regulation of distributed ledger technologies.

    MME Legal | Tax | Compliance has a strong presence in the Swiss technology and telecoms field and advises clients on a whole host of data privacy and data protection issues. The team, headed by Martin Eckert, conducts data protection assessments, provides assistance in cases of cybercrime in the form of a cyber risk response team and issues data protection certificates to signify compliance with Swiss and European data protection laws.

    Practice head(s): Dr. Martin Eckert

    Other key lawyers: Michael Kunz

  • Who's Who Legal

    • Dr. Martin Eckert: Global Leader in Data Privacy & Protection, Information Technology, Telecoms & Media 2021.
    • Dr. Martin Eckert: National Leader in Data 2021.
    • Dr. Andreas Glarner: National Leader in Data 2021.

    WWL says: At MME Martin Eckert is 'top notch'. As former judge at the Swiss Federal Appeal Commission for Intellectual Property, he has a 'wealth of knowledge' and is respected in the field.

    Martin Eckert is widely regarded by sources as a leading light in data protection and an expert in complex projects. 

    WWL says: Andreas Glarner earns acclaim from respondents this year thanks to his exceptional expertise in blockchain and cryptocurrencies. 

  • BILANZ Top Law Firms in Switzerland: "Technology and Telecommunications Law"

    MME Legal | Tax | Compliance was named one of the best law firms in the legal field "Technology and Telecommunications Law" 2021 in Bilanz.