Press Releases

Cybersecurity Protocol for International Arbitration 2022 Edition

The New York City Bar Association, International Council for Commercial Arbitration (ICCA) and the International Institute for Conflict Prevention & Resolution (CPR) have released a new edition of the Cybersecurity Protocol for International Arbitration (2022).

The Protocol, the first edition of which was released during New York Arbitration Week in 2019, reviews the importance of cybersecurity in arbitration; the high stakes and the risks inherent in international arbitration, including the cross-border nature of the process, which often involves extensive travel and the use of multiple networks; and factors to be considered in developing reasonable cybersecurity measures. The Protocol is structured to provide practical guidance, while also informing arbitral participants about their obligations to protect the integrity of the process.

Launched at the XXVth Congress of ICCA in Edinburgh, Scotland, the new edition contains a sample personal data breach protocol, underscoring the importance of having an incident response plan in place in case a security incident were to occur during an arbitration. Additional references have been added as well.

The City Bar was represented on the Working Group by Stephanie Cohen, Lea Haber Kuck and Mark C. Morril. The City Bar representatives stated, “The original protocol quickly earned its place as a go-to arbitration resource worldwide. Updates to the protocol solidify that status, by responding to the maturing cybersecurity and data protection environment. The sophistication of cyber-threats has increased even as the pandemic has greatly increased reliance on the digital space, obligating the arbitration community to be ever more vigilant in protecting its data.”

The Working Group’s editioning approach to the Protocol reflects the inevitable need for it to evolve over time in light of changing technology; new and prevalent cyber threats; new or amended laws/regulations; consensus that may emerge as to reasonable measures/arbitration best practices; new cybersecurity initiatives by institutions or others; and practical experience implementing the Protocol.

To facilitate the periodic improvement and updating of the Protocol, the Working Group encourages persons who use the Protocol to share their experiences in deploying it and provide feedback, which may be sent to

The new edition of the Cybersecurity Protocol is available here:

Members of the Working Group

Olivier André, Freshfields Bruckhaus Deringer (formerly with International Institute for Conflict Prevention and Resolution (CPR))

Paul Cohen, 4-5 Gray’s Inn Square Chambers

Stephanie Cohen, Independent Arbitrator

Hagit Elul, Hughes Hubbard & Reed LLP

Lea Haber Kuck, retired partner, Skadden, Arps, Slate, Meagher & Flom LLP

Micaela McMurrough, Covington & Burling LLP

Mark Morril, Independent Arbitrator

Kathleen Paisley, Ambos Law

Chair: Brandon Malone, Scottish Arbitration Centre; Brandon Malone & Company

Secretaries: Eva Y. Chan and Jesse R. Peters, Skadden, Arps, Slate, Meagher & Flom LLP

For its contribution in developing the Protocol, the City Bar’s representatives consulted its Committees on Arbitration, International Commercial Disputes, and Information Technology & Cyber Law.