You are here

Cyber risk advisory

Legal, technical and commercial expertise to keep your business cyber secure


At Herbert Smith Freehills, we understand that managing cyber risk is one of the highest priorities for our clients. This is why we have built a dedicated cyber practice to provide 360-degree cyber risk management and incident response services. 

Whether your challenge relates to ransomware, cyber extortion, corporate espionage, inadvertent disclosure, advanced persistent threat, or something else – we have the subject matter expertise to assist you.  With a ‘follow the sun’ model, 26 offices worldwide and an established network of trusted best-friend firms, our teams can provide assistance wherever and whenever you need it.  Our practice brings together subject matter expertise across data privacy, insurance, regulatory, compliance, corporate governance, disputes and more to provide a complete end-to-end service for your needs.  Our multi-disciplinary team have backgrounds in IT, forensics and cyber security, and can “speak the same language” as your technical teams.

Leading multinationals turn to us as their trusted advisers across the full cyber risk management lifecycle. We can help you with all your cyber security needs, including:

Our risk management and advisory services include developing incident response plans, delivering cyber incident simulations, advising Boards, reviewing policies and procedures, and uplifting overall cyber resilience.

We offer 24/7/365 cyber incident response standby retainers.  We recognise that one size does not fit all when it comes to cyber.  We tailor our services to fit exactly what you need, are independent and can work with any forensic, IT or other providers of your choosing.  Should an incident occur, we are your trusted crisis management advisers.  Our experts can provide bespoke advice to guide you through the incident and its aftermath, including working with you to manage ransomware negotiations, media and communications strategies, law enforcement and regulator engagement, supplier and customer disputes, realising insurance recoveries, class actions and more.

Our 350+ strong global team of data and technology specialists can provide the full suite of data breach analytics services,  including processing, analysis, analytics and hosting services, to get to the heart of compromised data and to understand the issues it presents.


Recent Experience

a cyber forensics consultancy

We advised a cyber forensics consultancy on the legal considerations around maintaining a database containing compromised user credentials sourced from the open and dark web, and in particular the criminal and regulatory issues around paying for such data as well as the data protection issues concerning the measures necessary to protect the data.

a US fashion company

We advised a US fashion company in relation to a cyber attack in which the client’s Managing Director’s email account was hacked, allowing the hacker to pose as the Managing Director and send instructions to the company’s Financial Controller to transfer funds from the US to a bank account in Hong Kong. We put a freezing order on the account, traced the perpetrator, commenced civil proceedings and the client ultimately recovered its funds plus the costs of the civil proceedings.


Insights and updates

21st August 2023
At a time of increased scrutiny by regulators in the realm of customer and public...
28th June 2023
Australia has experienced a pronounced increase in regulatory activity as well as class claims stemming...
31st May 2023
From ransomware to electronic warfare, the digital world has grown perilous. Our latest TechQuake instalment...

Our People

Related news and deals

18 September 2023

Cyber capable survey: legal perspectives on Australia’s dynamic risk landscape