With many fintechs taking the approach that it’s not if they will suffer a cyber attack but when, Skadden counsel Nicola Kerr-Shaw joins the latest “Fintech Focus episode to discuss how proper preparation can help significantly reduce regulatory scrutiny and sanctions, reputational impact and risk of resultant litigation. A member of the firm’s global Cybersecurity and Data Privacy Practice, Nicola covers notification messaging, regulatory expectations and ransom payment considerations in this discussion with host Joseph Kamyar. “Preparation is key, and even more so for fintechs, given the regulatory environment and personal liability under the SMCR,” she observes.

Top takeaways from this episode

• “Big Bang Effect”: Sometimes, a cyber attack is announced in a dramatic “big bang” – screens going dark, an image alerting you to the attack. Other times, it can be subtle, with certain systems suddenly unavailable for no apparent reason.
• Notifying Stakeholders: Nicola encourages fintechs to have a well-coordinated and well-considered communication strategy that guides response and addresses regulatory requirements.
• Communicating With Staff: Leaders should be prepared to give staff messaging that includes the basics of the event and reminds them not to post to social media.
• Do You Pay? Different laws apply to different jurisdictions, so a company that finds itself a victim of a ransom attack needs to carefully navigate the legal landscape.

Name: Joseph Kamyar

Title: European Counsel, Corporate at Skadden

Specialty: “Fintech Focus” host and European counsel Joseph Kamyar advises on a wide variety of corporate transactions, including cross-border private mergers and acquisitions, fundraisings, joint ventures, corporate reorganizations and general corporate matters, with a particular focus on the financial services, technology and media sectors.

Connect: LinkedIn | Email

Name: Nicola Kerr-Shaw

What she does: Counsel Nicola Kerr-Shaw, a key member of Skadden’s global Cybersecurity and Data Privacy Practice and an authority on AI-related issues, represents financial institutions, technology companies and other businesses in matters pertaining to AI, cybersecurity, data and privacy, and emerging technologies. She works with companies to creatively and effectively help them achieve their commercial goals.

Organization: Skadden

Words of wisdom: “A point to remember for the fintech world is that notification is around enabling individuals to protect themselves. So, [when] things like identity documents, payment mechanisms have been impacted, swift notifications might be key. That being said, though, there is