Cyber risk
The new cost of doing business
Click here
We understand that managing cyber risk is one of the highest priorities for our clients. This is why we have built a dedicated cyber practice to provide 360-degree cyber risk management and incident response services.
Whether your challenge relates to ransomware, cyber extortion, corporate espionage, inadvertent disclosure, advanced persistent threat, or something else – we have the experience to assist you. With a follow-the-sun model across our offices in APAC, EMEA and the US, and an established network of trusted best-friend firms, our teams provide assistance wherever and whenever you require. Our practice brings together deep knowledge across crisis management, data privacy, insurance, regulatory, compliance, corporate governance, disputes and class actions to provide a complete service for your needs. Our multidisciplinary team has backgrounds in IT, forensics and cyber security, and can speak the same language as your technical teams.
Our risk management and advisory services include developing incident response plans, delivering incident simulations, advising boards, reviewing policies and procedures, regulatory compliance audits and uplifting overall cyber resilience.
We offer 24/7/365 cyber incident response standby retainers. We recognise one size does not fit all, tailoring our services to fit what you need and can work with any forensic, IT or other providers of your choosing. Should an incident occur, we are your trusted crisis management advisers. Our team provides bespoke advice to guide you through the incident and its aftermath, including working to manage ransomware negotiations, media and communications strategies, law enforcement and regulator engagement, supplier and customer disputes, realising insurance recoveries, class actions and more.
Our global team of advisers can also provide the full suite of data breach analytics services, including processing, analysis, analytics and hosting services, to get to the heart of compromised data and to understand the issues it presents.
Backed by one of the world’s leading litigation and dispute resolution teams, we are equally adept at guiding you through issues that arise as a result of cyber incidents.
Experience
A global investment bank
We advised a global investment bank in relation to a cyber security incident which saw US$40 million taken from a number of accounts, including reporting to and subsequent liaison with the relevant regulators, and on litigation by the account holders seeking to recover their losses from the bank
A US fashion company
We advised a US fashion company in relation to a cyber attack in which the client’s Managing Director’s email account was hacked, allowing the hacker to pose as the Managing Director and send instructions to the company’s Financial Controller to transfer funds from the US to a bank account in Hong Kong. We put a freezing order on the account, traced the perpetrator, commenced civil proceedings and the client ultimately recovered its funds plus the costs of the civil proceedings
A cyber forensics consultancy
We advised a cyber forensics consultancy on the legal considerations around maintaining a database containing compromised user credentials sourced from the open and dark web, and in particular the criminal and regulatory issues around paying for such data as well as the data protection issues concerning the measures necessary to protect the data
An international bank
We advised an international bank on the creation of a Global Information Security Framework for all its global entities, involving the drafting of policies, guidelines regarding personal data, banking secrecy, cyber crime, data-leaks, and usage of social networks
A consortium of global banks
We advised a consortium of global banks on establishing the Cyber Defence Alliance – a cyber security intelligence sharing joint venture. This included incorporating the necessary corporate entities, advising on the information sharing protocol, advising on data protection issues around aggregation and pooling of log information and advising on competition law issues in relation to avoiding sharing company sensitive information
An online retailer
We advised an online retailer following the online publication of a vulnerability in its Android and iPhone apps by a “white-hat” hacker, following which customer data was systematically extracted and published. We advised on the best approach to managing the fallout from the data breach, including data protection and privacy advice, liaising with the data privacy regulators in the UK and Australia, and managing communications to the affected data subjects and the media
Related insights
Key contacts
Andrew Moir
Partner, Intellectual Property and Head of Cyber Security and Data, London
Cameron Whittfield
Partner, Melbourne
Peter Dalton
Partner, London
Miriam Everett
Partner, London
Peter Jones
Partner, Head of TMT, Asia, Singapore
Alan R. Friedman
Counsel, New York
Magdalena Blanch-de Wilt
Executive Counsel, Melbourne
Austin Manes
Special Counsel, Privacy Counsel, Silicon Valley