Cybersecurity and Privacy

Cybersecurity and privacy have become central aspects of the business landscape and the digital economy. Developments in legislation related to IT law and cybersecurity are rapidly progressing at both the EU and national levels. Addressing the challenges and opportunities this brings requires proactive and continuous efforts.

Cybersecurity and Privacy - Moll Wendén

Digitalization, along with an increased degree of remote work, has led to organizations’ assets and resources being produced and stored in digital environments. The risks of cyberattacks, other types of data breaches, leaks, or IT disruptions make cybersecurity a crucial issue for all organizations, regardless of size. New technologies also offer various business opportunities for your organization.

It’s not just about understanding how to utilize different technologies; legislators demand a deep understanding of the technology and the organization’s responsibilities for it. The high legal requirements often apply regardless of the organization’s size. Therefore, it is essential to stay updated on how to mitigate both legal and financial risks. This competency requirement applies whether you are a public entity or in the private sector, as well as a user or provider of a particular product or service.

NIS2 Directive, AI Regulation, GDPR, and Other Relevant Regulations

Depending on the business and industry, multiple regulations may need to be considered to gain a comprehensive perspective. One example is the introduction of the NIS2 Directive, aimed at strengthening security measures and reporting obligations for businesses covered by the directive. The EU’s AI Regulation will also impact the legislative landscape. We also see that privacy legislation such as GDPR remains relevant and will continue to gain traction; virtually all organizations need to address and work with privacy issues. Other regulations that may become relevant within the framework of cybersecurity and privacy include the Security Protection Act, EU regulations on digital markets and digital services, and CSRD (Corporate Sustainability Reporting Directive), to name a few.

Long-term and Immediate Work in Cybersecurity and Privacy

In cybersecurity and privacy, we assist with both preventive and long-term work, as well as support during more urgent situations. Below are some examples of our advisory services:

Preventive Work

We offer strategic advice to create an overarching and long-term direction for information and cybersecurity efforts. This includes analyzing strategic challenges and priorities as well as resource allocation. By identifying and addressing obstacles to effective information exchange, we ensure our clients have well-structured processes for necessary information sharing.

Crisis Management

In the event of IT security incidents, we assist clients with expertise to manage and mitigate the damage from cyberattacks. This type of advice is critical as these threats can impact the fundamental functions of society. The firm provides support throughout the entire process, from the immediate response to an incident to long-term recovery and reinforcement of security systems.

Ensuring Compliance with Relevant and Upcoming Legislation

We help our clients apply and comply with relevant laws and regulations, including the EU Cybersecurity Act, GDPR, and the upcoming regulations on artificial intelligence. We offer advice to ensure clients are up to date with the latest rules and practices.

Training and Competence Development

We provide training aimed at raising awareness of cybersecurity risks and data protection. Training initiatives can strengthen internal capacity and the ability to identify and respond to threats, which is fundamental to maintaining a secure and resilient organization.

Specifically on the NIS2 Directive

The NIS2 Directive expands the scope of the NIS Directive and imposes stricter requirements on cybersecurity efforts. We help clients understand if they are covered by the new security requirements, manage risks effectively, and report incidents correctly. We also offer advice on the expanded reporting requirements and help clients navigate the enhanced supervisory landscape to avoid sanctions.

Do you have questions about how to apply any of the above, about continuous work with information processes, or about urgent situations? We are happy to discuss the needs and conditions of your specific organization further.