Mourant

LPRU Cybersecurity

Cybersecurity

2023 Presidential Task Force on Cybersecurity report: Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors

The threat of individual liability of directors and senior executives for failure to institute or maintain adequate cybersecurity is at most just starting to emerge. Due to a lack of specific laws in many jurisdictions addressing cyber and information security obligations of organisations, one of the ways directors may be found liable for poor cybersecurity governance (whether constituting a breach of other legislation or otherwise) is through a breach of general directors’ duties.

The purpose of this report is to provide first-of-its-kind global perspectives and guidance on best governance practices for senior executives and boards of directors in protecting their organisations from global cyber risks, with a view to harmonising efforts globally for effective protection against cyberattacks. It includes specific recommendations to protect against cyber risks in small, large and global organisations. While the scope of this report is global, it draws, in particular, on reporting sourced from Task Force members spread across ten jurisdictions – Australia, Brazil, Denmark, Germany, India, Israel, Singapore, Uganda, the United Kingdom, and the United States – each of whom has compiled research and analysis on comparative practice across this diverse set of countries.

Download report

2018 report: Cybersecurity Guidelines

Every day there are cyber related hacking incidents and law firms are being increasingly targeted for the commercially sensitive information they hold of their clients. The IBA LPRU as a member of the Presidential task force is executing the development of a set of cybersecurity guidelines for law firms to protect themselves from breaches of data security, give their clients the best possible assurances, and thereby protect the reputation of the profession. The IBA is the most appropriate forum to discuss this issue that critically affects the legal profession and the legal services sector. The IBA provides the opportunity to establish a dialogue with legal practitioners, experts internally and externally on a multi-disciplinary and a multi-jurisdictional level to identity the risks, develop solutions and execute them.

Download Data Security and the Legal Profession: Risks, Unique Challenges and Practical Considerations (2015)

Download an overview of cybersecurity guidelines research (2017)

IBA Cybersecurity Guidelines a podcast by the Chair of the IBA Presidential Task Force

The Cybersecurity Guidelines launched at the IBA Annual Conference in Rome, October 2018.

Download guidelines

International Bar Association 2025 © Privacy policy Terms & conditions Cookie Settings Harassment policy

International Bar Association is incorporated as a Not-for-Profit Corporation under the laws of the State of New York in the United States of America and is registered with the Department of State of the State of New York with registration number 071114000655 - and the liability of its members is limited. Its registered address in New York is c/o Capitol Services Inc, 1218 Central Avenue, Suite 100, Albany, New York 12205.

The London office of International Bar Association is registered in England and Wales as a branch with registration number FC028342.