Cyber threats are constantly evolving, as are the actors behind them. High volume, low success phishing attacks seeking credit card details or network passwords have given way to ransomware attacks such as WannaCry and state-backed social engineering ploys targeting high profile individuals. Participants in arbitration should take the threat of cyber attack very seriously and view the flexibility of the process as an opportunity to implement best practices to protect sensitive information. As the nature of cyber threats evolves, parties to disputes must also evolve how to prepare for and respond to those threats.

Participants in arbitration are at risk

Parties in arbitration proceedings may prove particularly attractive targets for cyber attacks. The increase in transparency in investor-state arbitration through the publication of case documents during the proceedings might provide new opportunities for hacktivists to interfere with the arbitral process.

Parties will often exchange sensitive information in arbitration proceedings (including through the disclosure process) through unencrypted emails or unsecure cloud-based platforms, the financial interests at stake can be very high and organisations may generally be under stress. Parties may also be working and sharing sensitive information with external advisers and third-party contractors, including translators, court reporters and copy vendors, whose data security systems and practices may be less robust. As noted by the International Chamber of Commerce’s Commission on Arbitration and ADR Task Force on the Use of IT in International Arbitration, “[d]espite the potential seriousness of these issues, some IT users seem unconcerned, or perhaps too willing to opt for convenience over security”.

Oct-Dec 2017 issue

Latham & Watkins