Relationship building across business key for inhouse counsel cybersecurity support: Michael Bowmile

Bowmile to speak about data and innovation at Canadian Lawyer's upcoming LegalTech Summit

Relationship building across business key for inhouse counsel cybersecurity support: Michael Bowmile
Michael Bowmile, Coca-Cola Canada Bottling Limited

With the growing frequency and sophistication of cybersecurity threats, in-house legal teams must build relationships across the business, bringing their versatile perspective to identify weaknesses and risks, says Michael Bowmile, senior legal counsel at Coca-Cola Canada Bottling Limited.

The transition to remote work following the emergence of COVID-19 left organizations vulnerable, and cyberattacks increased. In its survey of 4,744 organizations worldwide, Accenture found cyberattacks rose by 31 percent in the first year of the pandemic.

The heightened risk is costing businesses money. PwC’s Global Digital Trust Insights survey, which polled 3,522 senior executives in 65 countries, said 69 percent reported a cyber-security-budget boost in 2022, with 65 percent expecting the same in 2023.

“Money talks,” says Bowmile. “Businesses, as we pay more attention, are paying more to address the risk; insurance premiums related to cyber coverage have gone up as well.”

Threats are increasing, their frequency is increasing, and so is the sophistication of the perpetrators, which he says is challenging to keep pace with.

“In terms of what legal can do, we're a partner to the business. Fundamental to me is making sure that I develop relationships across the business. For people to come to their in-house lawyers – they need to trust them and understand the value that they can bring to the table. So, I focus a lot on relationship building.”

Bowmile will participate in a panel at Canadian Lawyer’s upcoming LegalTech Summit on June 15. “Data privacy amidst legal innovation: The role of cybersecurity” will occur at 1:35 pm EST.

Human error is the number-one cybersecurity risk, so training is the most important too, says Bowmile. This training must be relatable, authentic, and relevant to the employee’s role to be most effective. It is essential to execute breach-response training so that when an incident happens, everyone who needs to be involved is “working in the same direction,” he says.

Training must also be ongoing, and it is crucial to inform employees about what management is doing to protect the systems and servers, says Bowmile.

“As long as you're keeping it front and centre and making sure that you're doing what you can to make sure that your employees keep it top of mind, that's the best way to address what is the biggest risk: our people.”

From the beginning of his legal career, Bowmile aimed his path toward an in-house role so he could transcend the boundary between law and business. While summering at a construction company in law school, he was advised that to end up in an esteemed legal department, he should start out at a Bay Street law firm. After graduation, he worked in Dentons’ corporate group before joining Cancer Care Ontario, which was, at the time, an agency under the Ontario Ministry of Health.

Cancer Car’s performance management involved collecting personal health information from hospitals and using that data to inform performance improvements in the health system.

“Because that organization was analytics- and data-driven, and they collected large amounts of very sensitive information, data privacy was at the fore of everything we did.”

He says that that helped “set the stage” for his work at Coca-Cola.

“To be effective at what we do, I'm not just the legal adviser. I'm here to support the business end-to-end.”

That includes understanding how the business works, leveraging its IT professionals' expertise, understanding the key security risks, what IT is doing to address those risks, and what they think the business can do to mitigate those risks, says Bowmile.

“Full stop – cybersecurity is extremely important to enterprise risk management, which often falls on legal teams. Legal and privacy are often intertwined. Most general counsels also wear their [Chief Privacy Officer] hats in their business.”

“We get unique perspectives across business operations in ways that a lot of groups may not get the benefit of, and that allows us to be a key partner for our IT security teams.”