A look at the news in recent weeks shows: Hacker attacks on companies in which corporate data is encrypted and only (eventually) decrypted after payment of a ransom ("ransomware attack") are on the rise worldwide. As a recent case from the U.S. shows, the attacks are also increasingly targeting critical infrastructure.
What initially sounds like a topic for the IT department, BKA and public prosecutor's office, should also give legal departments food for thought.
In particular, if a company encounters delivery problems as a result of a ransomware attack, or if personal data is lost, questions will also arise in the aftermath of an attack about both the civil and regulatory liability of the affected company. The focus here will be on the "question of guilt" and, in case of doubt, the company's role as a victim alone will not suffice for exoneration. Therefore, anyone who only takes a look at the contractual clauses on force majeure or thinks about an incident response plan after an attack may be left out in the cold.
In this webinar, we would like to discuss with you how to deal with ransomware attacks and related liability issues, approaching the topic from U.S. and German legal perspectives.
For questions and registration, please contact firstname.lastname@example.org.