The IE – ECIJA Digital Law Observatory presents its report on Corporate Cybersecurity Strategies in a roundtable discussion with experts in corporate law.
On the occasion of the presentation of the Corporate Cybersecurity Strategies report by the IE – ECIJA Digital Law Observatory, IE Law School held a roundtable dedicated to analyzing digital security in the business legal environment. The event brought together experts in corporate law who discussed the risks and cybersecurity practices in companies.
Jesús Yañez Colomo, partner at ECIJA, began by presenting the report. According to the conclusions, compliance with European cybersecurity regulations presents both challenges and opportunities. On one hand, the strict security requirements require significant effort from companies. On the other hand, they also represent a unique opportunity to build resilience and strengthen defenses against digital threats. Together, these measures act as catalysts for the development of a strong cybersecurity culture, benefiting not only organizations but also contributing to creating a safe digital environment and reducing risks.
Following the report presentation, the roundtable moderated by Escarlata Gutiérrez, a prosecutor and cybersecurity professor at IE University, began. The first topic addressed was risk management in digital security, which requires the intervention of cybersecurity committees composed of multidisciplinary teams capable of assessing threats and planning strategies, protocols, and policies. Regarding these policies, David Serrano, Director of Litigation at ACCIONA, emphasized that “for them to be effective, they must be clear and subject to continuous review, because we live in a changing world.”
“Cybersecurity committees should be composed of a multidisciplinary team.” David Serrano, Director of Litigation at ACCIONA
Many of these digital risks are linked to data protection and are not limited solely to personal data. Helena Fernández, Legal Corporation Senior Manager at Repsol, pointed out that “data, both personal and non-personal, affect production: both are equally important.” She described Repsol’s experience, which has long had its own security statute and contractual measures that impose obligations on suppliers. Thanks to these and other initiatives, risk management has become part of the company’s culture.
“Risk management has become part of the company’s culture.” Helena Fernández, Legal Corporation Senior Manager at Repsol
In a world where network attacks are constant, large companies are investing heavily in protection measures. Asier Crespo, Legal Director at Microsoft Ibérica, stated that their platform is one of the most attacked in the world, and cybersecurity is the top priority on their agenda. For Microsoft, “keeping the platform secure is paramount, regardless of what the regulations say.”
“Lawyers must understand the technical aspects and the business they are in to add value and avoid risks.” Asier Crespo, Legal Director at Microsoft Ibérica
A highly specialized legal profile
Beyond regulatory changes and the threat of cyberattacks, another major challenge facing corporate law is the lack of lawyers specialized in cybersecurity. All the speakers agreed that it is not easy to find qualified professionals who not only master the legal aspects but also the technical aspects and the functioning of the business. Furthermore, these positions require a very specific profile, individuals with an open mindset “not afraid to ask questions to understand things or to interact with other departments when necessary,” as explained by the legal representative of ACCIONA.