Abstract

Cybersecurity in international arbitration is a complex question on multiple levels. Measures aimed at mitigating cyberattack risks and the consequences of a security breach involve considerations of information security - a rapidly evolving and highly technical area. Such measures may also impact various aspects of an arbitration, including its administration and procedure. A risk-based approach whereby a risk assessment is carried out in every arbitration proceedings by the arbitral participants and whereby arbitrators, after consultation with the parties, have the authority to adopt measures based on the circumstances of each individual case gives rise to concerns. Giving arbitrators the power to adopt cybersecurity measures may not sit well with an arbitrator's background and training, or the nature of their main function. Such approach may result in conflicts of interest and ultimately affect the integrity of the arbitral process, and is unlikely to produce desired systemic results. Whilst the significance of cybersecurity risks may vary from one case to another, there are cybersecurity risks that arise in virtually every international arbitration. This paper suggests that cybersecurity rules based on accepted information security principles and addressing baseline risks would raise the level of cybersecurity in international arbitration on a systemic basis. 

This paper will be part of the TDM Special Issue on "Cybersecurity in International Arbitration". More information here https://www.transnational-dispute-management.com/news.asp?key=1707