Latest trends in corporate law and digital security

As part of the presentation of the Corporate Cybersecurity Strategies report, prepared by IE-ECIJA Digital Law Observatory, IE Law School held a roundtable with a focus on digital security in the corporate legal environment. The event brought together experts in corporate law to analyze the risks and best practices regarding cybersecurity in companies.

Jesús Yáñez Colomo, partner at ECIJA, opened the discussion with a presentation of their findings. The report found that compliance with European cybersecurity regulations brings forth both challenges and opportunities. On the one hand, the strict security requirements demand a great deal of effort for companies. On the other hand, they provide a unique opportunity to build resilience and strengthen the response to digital threats. Together, these measures act as catalysts for the development of a strong cybersecurity culture. This not only benefits organizations but also contributes to creating a secure digital environment and reducing risks.

Following the presentation, the roundtable began, moderated by Escarlata Gutiérrez, prosecutor and cybersecurity professor at IE University. The first topic under discussion was risk management in digital security. This process requires the intervention of cybersecurity committees made up of multidisciplinary teams who are capable of assessing threats and planning strategies, protocols and policies. Regarding these policies, David Serrano, litigation director at ACCIONA, highlighted, “In order for them to be effective, they must be clear and under continuous review, because we live in an ever-changing world.” 

“Cybersecurity committees need to be made up of a multidisciplinary team.”
David Serrano, Litigation Director at ACCIONA

Many of these digital risks are linked to data protection and are not limited to personal data. As Helena Fernández, senior corporate legal manager at Repsol, pointed out, “Data, whether personal or non-personal, affects production. Both are equally important.” She went on to explain that Repsol developed its own safety statute long ago, including contractual measures requiring suppliers to comply. Thanks to these and other initiatives, risk management has become a part of the company’s culture.

“Risk management has become part of the company’s culture.”
Helena Fernández, Senior Corporate Legal Manager at Repsol

In a world where network attacks are constant, large companies are investing heavily in protective measures. Asier Crespo, legal director at Microsoft Ibérica, explained that their platform is one of the most attacked worldwide, making cybersecurity the first point on his agenda. For Microsoft, “Keeping our platform secure is critical, regardless of what the regulations say.”

“Lawyers should understand the technical side as well as the business side, so they can add value and not cause risk.”
Asier Crespo, Legal Director at Microsoft Ibérica

A highly specialized legal profile

Beyond the regulatory changes and threats of cyberattacks, another major challenge corporate law faces is the lack of lawyers specializing in cybersecurity. The panel of experts agreed that it is difficult to find qualified professionals who have not only mastered the legal framework but also the technical aspects and the business processes. In addition, these positions require a very specific profile. Companies are looking for people who have an open mind and “are not afraid to ask questions in order to understand things, nor to interact with other departments when necessary,” explained ACCIONA’s legal representative.

IE-ECIJA Digital Law Observatory

IE-ECIJA Digital Law Observatory is a space created by IE Law School to facilitate the analysis of and research into the impacts of the digital economy on the legal world. The advisory board is comprised of leading figures in the legal and technological worlds, including IE Law School Dean Soledad Atienza. In addition to cybersecurity, the main topics studied in the observatory are legaltech, artificial intelligence, the metaverse and the economy, as well as governance and data protection.