You are here

Cyber and Data Security

Legal, technical and commercial expertise to keep your business cyber secure

Share

Share

Strategies that make the most of technology bring significant efficiencies and growth opportunities, but also a range of risks.

Our global cyber and data security team has an unrivalled breadth and depth of expertise and includes specialists from our data privacy, dispute resolution, financial services regulatory, corporate crime and investigations, insurance and employment practices, amongst others.

As a global full service firm, we are able to advise on cyber security issues wherever they may arise, and simultaneously across multiple jurisdictions where an incident requires it.

Our team advises across the full cyber security lifecycle, including before-the-event cyber risk management and advisory, incident response (including data breaches) and non-contentious transactional and project work. Find out more about that here.

We have also developed an in-house software tool and workflow which allows us, efficiently and cost-effectively, to identify the personal data that has been compromised in a data breach and the risk to individuals concerned. Read more here.

SUBSCRIBE TO OUR CYBER SECURITY BLOG
DOWNLOAD OUR PRACTICE BROCHURE
DOWNLOAD OUR DATA BREACH RESPONSE AND ANALYTICS BROCHURE

 

 

Our approach in more detail

We advise across the full cyber security lifecycle, including before-the-event cyber risk management and advisory, incident response (including data breaches) and non-contentious transactional and project work.

Some examples of this are illustrated in the below carousel.

1

Before-the-event cyber risk management and advisory

Cyber risk assessment and management, drafting policies and procedures, contractual review, data protection compliance and policies, regulatory compliance, procurement (such as contractor vetting and contractual protections), data retention and insurance.

 

2

Incident response

Full incident management, advice on discrete elements, investigating and coordinating the response in conjunction with internal or third party technical incident response teams, regulatory notifications and reporting, liaison with data protection authorities and law enforcement, management of communications with affected parties and the media, handling of any ensuing litigation (including class actions).

 

3

Transactional and project work

Advice on cyber and data security issues as part of transactional work, joint ventures, projects work and outsourcing including cyber security due diligence, supply chain risk management or contractual reviews.

 

OUR APPROACH

We approach cyber security on the basis of the full cyber security lifecycle (for example as embodied in NIST's cyber security framework), which we summarise below:

Identify - threat / risk assessment
Detect
Respond
Recover

 

We tailor our approach to your business, working flexibly with your existing cyber teams, and any existing policies and procedures to provide bespoke and practical advice as required. We can also draw upon our local country and regional experts. Many of our team have technical backgrounds, enabling them to understand the technical causes and implications of cyber issues, and to work seamlessly with your internal IT teams or third party technical consultants.

Our global coverage enables us to offer 24/7 incident response, advice and assistance where necessary.

 

 

Our data breach response capability

Cyber security incidents and data breaches require an immediate, decisive and multi-disciplinary response. We offer this through our unrivalled breadth and depth of expertise spanning cyber security, data privacy, financial services regulatory, corporate crime and investigations, dispute resolution, insurance and employment.

Breaches frequently cross geographical and jurisdictional borders. We have experts in our 27 global offices together with a network of ‘best-friend’ firms enabling us to assist you wherever you need it.

We will immediately assemble the right team to be by your side in those crucial first hours and days of a crisis. We will support you to respond quickly and to mitigate the risks arising from the incident. We have decades of experience helping clients take control of all aspects of crises.

We can liaise with regulators where necessary, and have proprietary tools to assist in identifying what personal data has been breached so that it can be reviewed and assessed quickly and accurately in order to inform notification decisions.

We can help to address disputes and claims arising from an incident through our top tier dispute resolution and class action practice, and can also assist with obtaining injunctions to contain incidents where personal data or intellectual property are published online.

Our cyber insurance experts know how to manage cover and recovery in a cyber-incident to limit the financial impact that a breach could have.

DATA BREACH ANALYTICS

We have developed an in-house software tool and workflow to work as part of our multi-disciplinary approach which helps us, efficiently and cost effectively, to identify the personal data that has been compromised and the risk it poses to the individuals concerned.

This will put structure around unstructured data by rapidly identifying the most significant and sensitive personally identifiable information and prioritising that for review. The tool helps to identify where the affected data subjects are and helps produce distribution lists for subsequent notification, thereby providing not only a swift decisive response to the incident but also aiding compliance with the GDPR and other international data protection regulation.

Our software and workflow brings together our global legal experts, our global Alternative Legal Services document review teams and Legal Process Management teams to provide a seamless and cost effective process. This complements our best-in-class document review platform (Relativity) which offers powerful predictive coding and keyword searching capabilities to assist in the review of the compromised materials.

Accolades

Andrew Moir, Head of Global Cyber and Data Security "brings a unique blend of deep legal and technical IT expertise."

Legal 500, data protection and cyber security, 2019
Miriam Everett

Miriam Everett, Head of Data Protection "provides technically sound advice and is commercial in her approach."

Legal 500, data protection and cyber security 2018

“Very good at advising on the cutting-edge developments in this area”

Chambers 2017, Data Protection and Cyber security

“Fantastic level of service, paired with very responsive and practical guidance and an efficient approach”

Legal 500 UK 2017 Risk Advisory, Data Protection, Privacy and Cyber Security
The Data Economy

Data has evolved to become the lifeblood of global trade. Data connects almost every aspect of modern life, and the commercial value and opportunities attributed to data have increased dramatically in ways that were not previously possible.

Find out more

Recent Experience

A global financial services company

We are appointed as the sole APAC and EMEA cyber security counsel to a global financial services company to assist in managing cyber security risks and incidents across 26 countries.

A MULTINATIONAL ENERGY COMPANY

We are the preferred cyber security legal counsel to an energy multinational, advising globally.

a global company

We acted for a global company in relation to incident response following the inadvertent disclosure of the entirety of its global HR database to an unrelated third party by one of its cloud service providers. The incident affected employees in multiple jurisdictions across Australasia, Europe and the Americas. Herbert Smith Freehills London coordinated the global response (engaging local counsel where required). 

A GLOBAL INVESTMENT BANK

We advised a global investment bank in relation to a cyber security incident which saw US$40 million taken from a number of accounts, including reporting to and subsequent liaison with the relevant regulators, and on litigation by the account holders seeking to recover their losses from the bank. 

A telecoms company

We advised a telecoms company in relation to a state-sponsored advanced persistent threat (APT) cyber security incident which was detected during its acquisition of a data centre and subsea cable capacity provider, and resulted in customer data being exfiltrated. This included advising on data protection compliance issues and how to deal with the liability for the incident in the context of the corporate transaction.

a rail company

We advised a rail company in relation to the cyber security aspects of the procurement and roll-out of a digital train control and signalling system.

Our Latest Thinking
22 October 2019

2019 Global Bank Review

The 2019 edition of our Global Bank Review: The Data Game, explores the rapid growth of...
Read more
10 October 2019

Are you prepared? The board’s role in crisis management

With the ever-increasing growth in the number and potential magnitude of cyber, technological and operational...
Read more
Brexit legal guide 2018
11 November 2019

Brexit Legal Guide 2019

With just weeks until the Brexit deadline, businesses must now do what they can to...
Read more
Zero-day attacks, red teaming and other cyber concerns
02 July 2019

Zero-day attacks, red teaming and other cyber concerns

There are a myriad cybersecurity issues that legal departments must concern themselves with, with proactivity...
Read more

View More Latest Thinking

主要联系人

Andrew is Global Head of the firm's Cyber and Data Security practice and a partner in our intellectual property group.

Key Services
Patents
Cyber and Data Security
Key Sectors
Technology, Media and Telecommunications
Banks
+44 20 7466 2773
Read more

Joe is a disputes partner in our New York office and advises multi-national and domestic companies in US litigation and compliance matters.

Key Services
Dispute Resolution
Commercial Litigation
Key Sectors
Connected and Autonomous Vehicles
+1 917 542 7805
Read more

Mark is a global technology, media and telecoms sector specialist.

Key Services
Corporate
Cyber and Data Security
Key Sectors
Financial Buyers
Technology, Media and Telecommunications
+65 68689808
Read more

Rebekah is a partner in the dispute resolution group.

Key Services
Intellectual Property
Patents
Key Sectors
Energy
Pharmaceuticals and Healthcare
+61 2 9225 5242
Read more
View our team

Associated Expertise

Our global perspective and unique methodology has the potential to provide immense value to organisations across a wide range of sectors

Data Protection and Privacy

Practical and commercial advice to cut through the web of data regulation

Technology, Media and Telecommunications

Shaping tomorrow’s future

Corporate Crime and Investigations

Navigating complexity and sensitivity to provide clarity, confidence and solutions

Financial Services Regulatory

Helping you to interpret, influence and comply with global regulation

Class Actions

Mitigating risk in a new reality, is your business ready?

Fintech

Everything you need to stay one step ahead

Blockchain and Distributed Ledger Technology

Driving a new wave of innovation and productivity

Alternative Legal Services

Insurance Coverage

Effective risk transfer strategies and protection