The Risk in Focus 2023 report, carried out by the European Confederation of Internal Audit Institutes (ECIIA), once again confirms cybercrime as the biggest risk that companies will have to face this year. These experts say that a holistic view is the best way to avoid attacks that, for example, affect financial sustainability or generate a reputational crisis. In this regard, compliance plays a key role.
According to Felipe García, lawyer and partner at Circulo Legal Madrid, "organizations must ensure that they have control mechanisms in place to protect themselves against possible access, leaks or data theft, and this is not only the responsibility of the systems department, but the compliance department must also work closely to verify procedures, carrying out training and awareness-raising work from senior management to all employees, the objective is clear: to protect the organizations' information security system".
This program will have to be updated on a recurring basis, as technology is advancing very quickly. "The automation of processes or predictive analysis using artificial intelligence algorithms pose a challenge for compliance," says the expert. García also adds that "the regulatory changes brought about by all this progress reinforce the need to have a compliance program capable of preventing any criminal liability for the legal entity".
The key piece in a judicial process
The importance of compliance is paramount should a company become involved in legal proceedings. García states that "dedicating resources to building a solid compliance program is the best way to prevent an organization from having to assume criminal liability for its malpractice", emphasizing the importance of "having a culture of crime prevention rooted from the top down, the management has to set an example and project it to the rest of the organization".
Legal entities must be very clear that the presentation of their compliance system will demonstrate that it has been designed and rigorously applied. As the lawyer admits, "it is no longer a question of having established channels for reporting possible infringements internally, but rather of having an effective program to prevent the commission of crimes".
In this line, it is worth remembering that acting with transparency and providing the compliance program to the court can be a strategy of the organization to achieve acquittal, "the company should consider whether or not to provide the documentation of the compliance program, and analyze, if it decides to do so, which documents may be favorable or not to achieve acquittal in criminal proceedings," says the lawyer of the law firm Circulo Legal Madrid.
In Grupo Galilea we offer a team of professionals to adapt the Cyber insurance to your needs and those of your company. For more information, click here
Source: Insurance News