PETYA CYBER-ATTACK: PRELIMINARY LEGAL IMPLICATIONS
As reported by the media, Oschadbank, Ukrposhta, Boryspil Airport, Kharkiv Airport, Ukrgasbank, OTP Bank, Ukrtelecom, Ukrzaliznytsia, Nova Poshta, Vodafone, Lifecell, DTEK, Kyiv Metro are among numerous companies which have been subsequently paralyzed.
Given unexpected, unprecedented and massive impact of the attack, confusion quickly shifted to fighting the immediate consequences of the attack. Both business and government acted in a swift way and the reactions included:
- on 4 July 2017 the Government approved draft amendments to the Tax Code of Ukraine whereby the taxpayers should be released from penalties for untimely registration VAT-invoices issued during 1 June to 15 June 2017 caused by the cyber-attack. Currently the Parliament is expected to vote for the mentioned draft amendments;
- the business, as reported, (i) filing applications to police for initiation criminal investigation with respect to cyber-attack, and (ii) working on restoring damaged files and networks and solutions to enhance its IT security;
- Ukrainian Chamber of Commerce and Industry is reported to agree to acknowledge Petya cyber-attack as a force-majeure event subject to compliance with the approved procedure of its confirmation by the proper evidences; and
- new case law / court practice with respect to force-majeure events and release from liability for damages caused by the recent attack is expected to be approved soon.
Regardless of the above changes in legislation and business environment, it is worthy of mentioning security measures, which may minimize risks and negative consequences if cyber-attacks take place in future, including:
- use licensed software;
- use anti-virus solutions;
- review the wording of the force-majeure clauses to make sure that cyber-attack is expressly listed as an event of force-majeure;
- prepare in advance IT security policies addressing: (i) actions if a company undergoes cyber-attack, and (ii) procedure of collecting evidences of a cyber-attack;
- pay attention to cyber-security, engage professional advisors and service providers in advance to ensure your business is properly protected.
- make sure to implement protective measures, including a disaster recovery plan. Implement procedures which should be closely followed in case of a crisis. Clarify liabilities and potential consequences with your advisors and service providers.
If you have any questions, please feel free to contact Oleksandr Liulkov, Managing Partner Ukraine (email@example.com; M: +380 67 729 9896)
This Legal Alert contains general information only, and Magnusson is not, by means of this document, rendering legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect finances or business. Before making any decision or taking any action that may affect business, it is recommended to engage a qualified professional adviser.
MAGNUSSON APPOINTS SAM JALAEI AS NEW HEAD OF MIDDLE EAST GROUP
The international law firm Magnusson has appointed partner Sam Jalaei as the new Head of Middle East Group, effective as of 1st November 2018.read more
MAGNUSSON WARSAW SHORTLISTED FOR THE CEE INVESTMENT AWARDS 2018
Magnusson’s Warsaw office is shortlisted for the 8th annual EuropaProperty CEE Investment Awards in the category “Law Firm of the Year” and “Tax & Financial Provider”.read more
MAGNUSSON AT IBA ANNUAL CONFERENCE IN ROME
At the IBA Annual Conference in Rome, Magnusson was represented by a strong team of partners representing six countries of the Baltic Sea Region.read more
MAGNUSSON SHORTLISTED FOR THE BRITISH LEGAL AWARDS 2018
Magnusson is delighted to be yet again shortlisted for European Law Firm of the Year in the British Legal Awards 2018.read more