Snapshot on Cybersecurity from the 2021 QMUL Survey on International Arbitration

Measuring the impact of the Covid-19 global pandemic in the International Arbitration field was not an easy task. However, it has been promptly targeted by Maria Fanou and Norah Gallagher from the School of International Arbitration at Queen Mary University of London, in collaboration with White & Case LLP.

The recently published “2021 International Arbitration Survey: Adapting arbitration to a changing world” (the Survey) collects impressions from an outstanding number of 1,218 participants representing a wide variety of stakeholders in international arbitration including counsels, arbitrators, in-house counsels, and arbitral institutional staff from different geographical regions. Taking into consideration the impact of the pandemic and the consequent changes to the arbitration practice, the survey focusses on current choices and future adaptations, diversity of tribunals, use of technology, sustainability, and information security.

With particular regards to the latter, the results are striking: despite the undisputed crucial role of cybersecurity in daily operations, only around 25% of respondents indicated that they ‘frequently’ or ‘always’ have seen cybersecurity measures implemented in arbitration proceedings. At the same time, however, the Survey revealed that the focus on technology and information security is increasingly getting stronger. It follows that initiatives aiming to provide practical guidance in the field, such as CyberArb (www.cyberarb.com),  come to play a fundamental role.

Is cybersecurity a disadvantage to virtual hearings?

Similarly to the recent 28th Vis Moot which promptly forecast the trends, respondents of the survey were asked about the disadvantages of virtual hearings, which widely took place during the pandemic.

Although the Survey does not indicate whether respondents have actually encountered any negative experience concerning cybersecurity, 30% of them listed confidentiality and cybersecurity concerns as a disadvantage of conducting arbitration proceedings virtually. However, it seems that virtual hearings are likely to be chosen over in-person hearings even in the post-pandemic scenario, and thus 37% of respondents showed sound awareness when requiring more reliable and secure technology for the immediate future.

Despite a growing awareness about the importance of having cybersecurity measures put in place to protect the confidentiality and security of electronically submitted data, the Survey clearly shows that there is still a long way to go. The majority of 57% of the respondents said they only encountered such measures in less than half of their cases, while 16% said they have never seen such measures put in place.

These data indicate a significant gap in international arbitration practice with respect to cybersecurity. The cybersecurity concerns might be elevated once a dispute involves a State or public interest issue. Even if the reasons for increased concerns were not stated, regard shall be given to malicious actors or state-sponsored cyber-attack groups which might target this area.

Overcoming the cyber-challenges and embracing technology

Despite the concerns, technologies that increase the efficiency of arbitration proceedings are generally found desirable. The Survey reveals that the most commonly used technologies are by far video conferencing and hearing room technologies, ‘always’ or ‘frequently’ used by 63% of the respondents. Another technology that attracted the arbitration community is cloud-based storage, adopted by more than half the respondents (56%). Particularly, respondents considered cloud-based platforms to be protective of confidentiality and security of electronic or electronically submitted arbitration-related data.

It should be noted that the cybersecurity measures to be adopted with regards to each platform providing services of video conferencing, hearing rooms, and cloud-based storage, should be considered separately and not be given as granted. This concept is based on the basic principle that information security shall be a “team-sport” or joint effort which involves all arbitration participants and cannot be fully relied on external service providers only.

The respondents were also asked to choose technological improvements that they would like to be commonly used. Almost half of them (47%) answered that only professional email addresses – rather than personal ones – should be used. Other suggested measures include access controls, e.g., multi-factor authentication (44%), institutional guidance or protocols (41%), platforms or technologies provided or controlled by the arbitral institution (40%), the adoption of soft law instruments and guidance, such as the 2020 ICCA – New York City Bar – CPR Protocol on Cybersecurity in International Arbitration (40%), and specific directions from arbitral tribunals (37%).

Furthermore, it has been noted that emerging technologies such as blockchain and AI could be considered as an infrastructure to be developed by the institutions, particularly for limited data access and data encryption purposes. Although these technologies are not themselves exempt from cybersecurity violations, it is worthy to explore them for the future and potential automatization of some aspects in international arbitration.

These statistics seem to suggest that arbitration users are expecting more guidance and support in dealing with cybersecurity issues. According to the Survey, in order to gain more market advantage, arbitral institutions should consider having a more hands-on approach with providing practical guidance, secure platforms, and technological infrastructure.

However, these data are still concerning, as “the majority (57%) encountered such [cybersecurity] measures in less than half of their cases”. Overlooking the importance of cybersecurity  enables gaps and “weak links” that could open the door to malicious actors activities, which have increased due to pandemic.

Is the arbitration seat “cyber-secure”?

According to the Survey, the top five most preferred seats are  London (54%), Singapore (54%), Hong-Kong (50%), Paris (35%), and Geneva (13%). One of the main reasons for the respondents’ choices is the ‘safety’ of such seats, although allegedly this information attains to physical/traditional security only.

However, given that cybersecurity is listed among the main concerns for the present and immediate future, and that improvements in the field are suggested as features to make institutions more competitive, the concept of safety in this digitalised era will likely entail cybersecurity in the due course. As a result, international arbitration may become a worldwide driving force for the adoption of soft law and hard law instruments aiming to increase the levels of cybersecurity in the countries where the competitive seats are located.

What role for popular arbitral institutions in enhancing cybersecurity?

There seems to be a common belief that arbitral institution should lead the discussion on cybersecurity. For instance, the ICC, which appears to be the most preferred arbitration institution (57% of the respondents), provides Suggested Clauses for Cyber-Protocols and Procedural Orders Dealing With The Organisation of Virtual Hearings that parties may consider adopting to ensure and enhance cybersecurity during the arbitral proceedings. Also the second-placed LCIA (39% of respondents) in the new 2020 LCIA Rules included a provision stipulating that the  tribunal could adopt specific information security measures and means to address the processing of personal data in consultation with the parties and, only where necessary, with the LCIA (see Article 30A).

In conclusion, the Survey arguably indicates that international arbitration practitioners are aware that the use of technology can boost efficiency. As such, virtual hearings may very well be the normal way of doing business even for the post-pandemic future.

However, virtual hearings and other technological means employed increase concerns regarding cybersecurity. To tackle these issues, arbitral institutions and professional organizations arguably are in the position to take the lead and be more proactive in raising g awareness on the topic, as well as providing guidance and services. In this mission, they can rely on the support from other multidisciplinary initiatives.

As highlighted by the Survey, “[a]lthough there are encouraging signs that users are mindful of cybersecurity issues and the need to address them, there is nonetheless ample scope for more engagement on this front”.

author

Cemre Kadioglu

Cemre is a member of Istanbul and the New York Bar. Cemre is enthusiastic about the intersection of technology and law. She holds an LLM degree from Georgetown University in International Business and Economic Law with International Arbitration and Dispute Resolution Certificate. She is a former Fulbright scholar, and Vis…

author

Carolina Mauro

Carolina Mauro is a qualified Italian lawyer and member of the Udine bar. After graduating cum laude from Università degli Studi di Trieste in 2016, she passed the Italian bar exam and qualified as an ‘avvocato’ in 2018. In September 2020 she successfully completed an LL.M in International Business Law at…

author

Wendy Gonzales

Founder of CyberArb. Based in the Netherlands, she is a Spanish qualified lawyer and LL.M in International Business Law with a major in International Arbitration from Vrije Universiteit Amsterdam. At present, she is getting certified by the Chartered Institute of Arbitrators (CIArb). She is Disputes and Litigation counsel as well…

Featured Arbitrators

Results from: Virginia, United States
ad
View all
ad

Read these next

Category

California Appellate Court Overturns Arbitration Award that Violated Plaintiff’s Statutory Right to Work

This article first appeared on Globar Arbitration News, Baker McKenzie, here. Brown v. TGS Management Co., 57 Cal. App. 5th 303 (2020) [click for opinion] TGS Management Co., Ltd. (“TGS”)...

By Jacob Kaplan, Michael Hidalgo
Category

ICSID and UNCITRAL Release Version Two of the Draft Code of Conduct for Adjudicators in International Investment Dispute

ICSID and UNCITRAL have just released an update to the draft Code of Conduct for Adjudicators in International Investment Disputes. This new version amends the original draft Code, which was published in...

By Stacie Strong
Category

Arbitrating De-platforming Disputes

As most have heard by now, there is great interest and debate regarding the Facebook Oversight Board and its power to decide users’ complaints that they have been improperly de-platformed...

By Amy Schmitz

Find an Arbitrator