Global expertise
See how our global Cyber team can help you
Cyber risk advisory
18 Sep 2025
Insight
The role of legal teams as key players in managing organisational cyber risk is clear, with 76% of respondents reporting that legal functions are central to incident response.
Notably, there are two key areas where the importance of the legal-cyber nexus are best highlighted – the increase in legal-focussed cyber incident response plans (CIRP) and simulation participation. These figures clearly illustrate legal expertise is valued and, in many organisations, viewed as critical to cyber security risk management, incident response, regulatory compliance and reputation management.
Jones reflected that one of the key strengths of a general counsel during a cyber crisis is the ability to manage tension and stressful situations analytically and objectively, enhancing clarity and assurance for boards. “They are good at taking the heat out of situations and focussing on the matter at hand,” he said.
“I also think the ability many lawyers have to manage multiple streams of work is also something that is typically very important, and critical when an incident has occurred. They can balance the need to move quickly with best protecting an organisation.”
However, despite their growing importance, in-house legal teams are also stretched. Heather Kelly observed a pervasive climate of economic and geopolitical uncertainty was impacting the role of legal teams, expanding their remit and forcing them to become more reactive to risks, including cyber. “The evolving role of the general counsel – from ring-fenced lawyer to risk advisor – means that legal teams are stretched very thin. They don’t have the capacity to invest in the myriad of risk management activities they would like to. So, it is very heartening to see that there has been an uptick in their preparedness in relation to cyber. Their budget and bandwidth are precious resources,” Kelly said.
Today I think the aperture is much broader for a lawyer… If you think about the way the regulatory landscape is changing – the fact you’ve got multinational companies, where is your data stored, how things are evolving and the toolset and business tools like AI – you really need somebody who understands the regulatory, compliance and privacy aspects, in conjunction with cybersecurity experts.”
Karen Kukoda, Mandiant
from Cross Examining Cyber: Conversations on Cyber Law, Episode 17
Christine Wong said that she had noticed general counsels and in-house legal leaders were increasingly focussed on getting a handle on data, which represents a significant challenge for organisations, especially those with legacy systems and large data stores. “Organisations are grappling with the Hydra like nature of their data – so much data across so many systems has given rise to significant complexity in understanding what is there and whether the control and security settings are adequate. Given recent law reforms and the prevalence of data extortion attacks, I think data risk management will continue to be a real driver of concern for in-house teams,” Wong said.
Kelly noted the rise of AI had also made many organisations focus on data in a way the risk of a potential future cyber attack had not, with “legal teams harnessing the newfound momentum to spearhead projects aimed at cleaning up aged and inaccurate data”.
The evolving role of the general counsel – from ring-fenced lawyer to risk advisor – means that legal teams are stretched very thin.”
Heather Kelly
Senior Associate
Even if business continuity isn’t impacted by a cyber event, the issues are still occurring in the context of an IT security environment having been impacted. Following a significant event, many corporates understandably want to review position, to ensure that settings are appropriate and consider whether some defences need to be strengthened,”
Christine Wong
Partner
Key contacts
Cameron Whittfield
Partner, Melbourne
Peter Jones
Partner, Head of TMT, Asia, Singapore
Carolyn Pugsley
Partner, Melbourne
Anne Hoffmann
Partner, Sydney
Magdalena Blanch-de Wilt
Executive Counsel, Melbourne
Heather Kelly
Senior Associate, Melbourne
Kaman Tsoi
Special Counsel, Melbourne
Christine Wong
Partner, Sydney
Legal Notice
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills Kramer 2026
Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
Subscribe now