| Abstract [eng] |
Cyber risk is an unavoidable part of virtually every business activity that can be reduced (but not completely eliminated) through certain cyber security measures. Cyber risk for companies can include not only damage to the company itself (lost information, reputational damage, etc.) but also damage to contractors - business partners (confidential information) and third parties (lost data). Responsible company executives (in sectors where there is no additional cyber regulation) should adhere to the bonus pater familias standard when organizing the company's activities and performing their fiduciary duties also consider and assess the cyber risks the managed company faces, and apply appropriate risk mitigation measures, prepare for a possible cyber incident. Meanwhile, the executives of companies operating in certain additionally regulated sectors (eg financial institutions) and certain entities of particular importance to the state economy, which are included in the list of cyber security entities, are subject to wider range of cyber security obligations established by mandatory legal norms and technical specifications. Although the obligation to ensure the cyber security of the company rests with the executive of the company, while organizing the company's activities, the executives have the right to entrust these responsibilities to the company's employees (eg information technology or other risk management specialist) or third parties (eg external information technology or cyber security service providers). It should be noted that the executive, which have entrusted performance of some the duties to other parties retains the duty to supervise the performance of these duties, while the intensity and scope of the duty of supervision shall be determined according to the origin of the assigned duty. An employee of the company shall be liable for the assigned cyber security duties in accordance with the procedure established in the Labour Code, and the civil liability of a third party may be subject contract or tort liability. |
