With many fintechs taking the approach that it’s not if they will suffer a cyber attack but when, Skadden counsel Nicola Kerr-Shaw joins the latest “Fintech Focus episode to discuss how proper preparation can help significantly reduce regulatory scrutiny and sanctions, reputational impact and risk of resultant litigation. A member of the firm’s global Cybersecurity and Data Privacy Practice, Nicola covers notification messaging, regulatory expectations and ransom payment considerations in this discussion with host Joseph Kamyar. “Preparation is key, and even more so for fintechs, given the regulatory environment and personal liability under the SMCR,” she observes.

🗝️ Key Points 🗝️

Top takeaways from this episode

• “Big Bang Effect”: Sometimes, a cyber attack is announced in a dramatic “big bang” – screens going dark, an image alerting you to the attack. Other times, it can be subtle, with certain systems suddenly unavailable for no apparent reason.
• Notifying Stakeholders: Nicola encourages fintechs to have a well-coordinated and well-considered communication strategy that guides response and addresses regulatory requirements.
• Communicating With Staff: Leaders should be prepared to give staff messaging that includes the basics of the event and reminds them not to post to social media.
• Do You Pay? Different laws apply to different jurisdictions, so a company that finds itself a victim of a ransom attack needs to carefully navigate the legal landscape.

💡 Meet Your Host 💡

Name: Joseph Kamyar

Title: European Counsel, Corporate at Skadden

Specialty: “Fintech Focus” host and European counsel Joseph Kamyar advises on a wide variety of corporate transactions, including cross-border private mergers and acquisitions, fundraisings, joint ventures, corporate reorganizations and general corporate matters, with a particular focus on the financial services, technology and media sectors.

Connect: LinkedIn | Email

💡 Featured Guest 💡

Name: Nicola Kerr-Shaw

What she does: Counsel Nicola Kerr-Shaw, a key member of Skadden’s global Cybersecurity and Data Privacy Practice and an authority on AI-related issues, represents financial institutions, technology companies and other businesses in matters pertaining to AI, cybersecurity, data and privacy, and emerging technologies. She works with companies to creatively and effectively help them achieve their commercial goals.

Organization: Skadden

Words of wisdom: “A point to remember for the fintech world is that notification is around enabling individuals to protect themselves. So, [when] things like identity documents, payment mechanisms have been impacted, swift notifications might be key. That being said, though, there is a balance to be struck between notifying quickly and also taking a breath and determining if a notification is really necessary.”

Connect: LinkedIn | Email

Connect with Skadden

☑️ Follow us on X and LinkedIn.

☑️ Subscribe to Fintech Focus on Apple Podcasts, Spotify, or your favorite podcast app.

Fintech Focus is a podcast by Skadden, Arps, Slate, Meagher & Flom LLP, and Affiliates. This podcast is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This podcast is considered advertising under applicable state laws.