IT Security at a Crossroads: A Strategic and Legal Imperative
18 December 2025


IT security is no longer a purely technical matter. It has become a strategic, organizational, and legal issue. With cyberattacks causing severe financial and reputational damage, companies must adopt a holistic approach combining technical, managerial, and legal expertise.

 

1. A Multidimensional Approach
Cybersecurity requires cross-functional collaboration to set clear objectives, assess risks, and implement preventive or corrective measures. Security is now viewed as a strategic investment, a view reinforced by legal developments: the law has moved from a right to security to an obligation to secure.

 

2. A Constantly Evolving Legal Framework
Organizations must navigate a complex environment: international conventions, EU regulations (GDPR, NIS2), national laws, and standards from authorities such as CNIL and ANSSI. Continuous legal monitoring is essential for compliance.

 

3. Legal Tools for Cybersecurity

Preventive Measures:

  • Security clauses in IT contracts (responsibilities, ISO 27001 standards, incident management, audits, continuity plans).
  • Cybersecurity service contracts (pentests, audits, SOC) with detailed scope, objectives, and liability limits.
  • Internal IT charters and security policies (ISSPs), regularly updated and integrated into supplier agreements.
  • Internal procedures and user training (90% of incidents involve employees).


State of the Art: Contracts often refer to best practices and standards, clarified case by case.
 

Remedial Measures:

  • Establishing a multidisciplinary crisis unit (CISO, CIO, legal, communications, HR, insurer).
  • Crisis management plans, drills, post-incident analysis.
  • Evidence preservation (disconnect without shutting down, pre-arranged expert intervention).


4. Practical Implications
Cybersecurity is now a strategic investment, requiring an integrated approach: prevention, contractualization, governance, crisis management, and regulatory compliance.


Legal tools, when properly applied, structure cybersecurity, protect the company, and build trust with business partners.
 
