You are here

Cyber and Data Security

Legal, technical and commercial expertise to keep your business cyber secure

Share

Strategies that make the most of technology bring significant efficiencies and growth opportunities, but also a range of risks.

Our global cyber and data security team has an unrivalled breadth and depth of expertise and includes specialists from our data privacy, dispute resolution, financial services regulatory, corporate crime and investigations, insurance and employment practices, amongst others.

As a global full service firm, we are able to advise on cyber security issues wherever they may arise, and simultaneously across multiple jurisdictions where an incident requires it.

Our team advises across the full cyber security lifecycle, including before-the-event cyber risk management and advisory, incident response (including data breaches) and non-contentious transactional and project work. Find out more about that here.

We have also developed an in-house software tool and workflow which allows us, efficiently and cost-effectively, to identify the personal data that has been compromised in a data breach and the risk to individuals concerned. Read more here.

 


 

Our approach in more detail

We advise across the full cyber security lifecycle, including before-the-event cyber risk management and advisory, incident response (including data breaches) and non-contentious transactional and project work.

Some examples of this are illustrated in the below carousel.

1

Before-the-event cyber risk management and advisory

Cyber risk assessment and management, drafting policies and procedures, contractual review, data protection compliance and policies, regulatory compliance, procurement (such as contractor vetting and contractual protections), data retention and insurance.

 

2

Incident response

Full incident management, advice on discrete elements, investigating and coordinating the response in conjunction with internal or third party technical incident response teams, regulatory notifications and reporting, liaison with data protection authorities and law enforcement, management of communications with affected parties and the media, handling of any ensuing litigation (including class actions).

 

3

Transactional and project work

Advice on cyber and data security issues as part of transactional work, joint ventures, projects work and outsourcing including cyber security due diligence, supply chain risk management or contractual reviews.

 

OUR APPROACH

We approach cyber security on the basis of the full cyber security lifecycle (for example as embodied in NIST's cyber security framework), which we summarise below:

Identify - threat / risk assessment
Detect
Respond
Recover

 

We tailor our approach to your business, working flexibly with your existing cyber teams, and any existing policies and procedures to provide bespoke and practical advice as required. We can also draw upon our local country and regional experts. Many of our team have technical backgrounds, enabling them to understand the technical causes and implications of cyber issues, and to work seamlessly with your internal IT teams or third party technical consultants.

Our global coverage enables us to offer 24/7 incident response, advice and assistance where necessary.

 


 

Our data breach response capability

Cyber security incidents and data breaches require an immediate, decisive and multi-disciplinary response. We offer this through our unrivalled breadth and depth of expertise spanning cyber security, data privacy, financial services regulatory, corporate crime and investigations, dispute resolution, insurance and employment.

Breaches frequently cross geographical and jurisdictional borders. We have experts in our 27 global offices together with a network of ‘best-friend’ firms enabling us to assist you wherever you need it.

We will immediately assemble the right team to be by your side in those crucial first hours and days of a crisis. We will support you to respond quickly and to mitigate the risks arising from the incident. We have decades of experience helping clients take control of all aspects of crises.

We can liaise with regulators where necessary, and have proprietary tools to assist in identifying what personal data has been breached so that it can be reviewed and assessed quickly and accurately in order to inform notification decisions.

We can help to address disputes and claims arising from an incident through our top tier dispute resolution and class action practice, and can also assist with obtaining injunctions to contain incidents where personal data or intellectual property are published online.

Our cyber insurance experts know how to manage cover and recovery in a cyber-incident to limit the financial impact that a breach could have.

DATA BREACH ANALYTICS

We have developed an in-house software tool and workflow to work as part of our multi-disciplinary approach which helps us, efficiently and cost effectively, to identify the personal data that has been compromised and the risk it poses to the individuals concerned.

This will put structure around unstructured data by rapidly identifying the most significant and sensitive personally identifiable information and prioritising that for review. The tool helps to identify where the affected data subjects are and helps produce distribution lists for subsequent notification, thereby providing not only a swift decisive response to the incident but also aiding compliance with the GDPR and other international data protection regulation.

Our software and workflow brings together our global legal experts, our global Alternative Legal Services document review teams and Legal Process Management teams to provide a seamless and cost effective process. This complements our best-in-class document review platform (Relativity) which offers powerful predictive coding and keyword searching capabilities to assist in the review of the compromised materials.


Accolades

Andrew Moir, Head of Global Cyber and Data Security "brings a unique blend of deep legal and technical IT expertise."

Legal 500, data protection and cyber security, 2019
Miriam Everett

Miriam Everett, Head of Data Protection "provides technically sound advice and is commercial in her approach."

Legal 500, data protection and cyber security 2018

“Very good at advising on the cutting-edge developments in this area”

Chambers 2017, Data Protection and Cyber security

“Fantastic level of service, paired with very responsive and practical guidance and an efficient approach”

Legal 500 UK 2017 Risk Advisory, Data Protection, Privacy and Cyber Security
The Data Economy

Data has evolved to become the lifeblood of global trade. Data connects almost every aspect of modern life, and the commercial value and opportunities attributed to data have increased dramatically in ways that were not previously possible.

Find out more

Recent Experience

a Russian subsidiary of Kerama Marazzi

We advised a Russian subsidiary of Kerama Marazzi on various issues arising in connection with system failure caused by NotPetya, including issues on force majeure, notifications to counter parties, whether the client could continue retail trading with inoperable cash registers, and liaison with law enforcement.

an online retailer

We advised an online retailer following the online publication of a vulnerability in its Android and iPhone apps by a “white-hat” hacker, following which customer data was systematically extracted and published. We advised on the best approach to managing the fallout from the data breach, including data protection and privacy advice, liaising with the data privacy regulators in the UK and Australia, and managing communications to the affected data subjects and the media. 

a consortium of global banks

We advised a consortium of global banks on establishing the Cyber Defence Alliance – a cyber security intelligence sharing joint venture. This included incorporating the necessary corporate entities, advising on the information sharing protocol, advising on data protection issues around aggregation and pooling of log information and advising on competition law issues in relation to avoiding sharing company sensitive information. 

an international bank

We advised an international bank on the creation of a Global Information Security Framework for all its global entities, involving the drafting of policies, guidelines regarding personal data, banking secrecy, cyber crime, data-leaks, and usage of social networks. 

a cyber forensics consultancy

We advised a cyber forensics consultancy on the legal considerations around maintaining a database containing compromised user credentials sourced from the open and dark web, and in particular the criminal and regulatory issues around paying for such data as well as the data protection issues concerning the measures necessary to protect the data.

a US fashion company

We advised a US fashion company in relation to a cyber attack in which the client’s Managing Director’s email account was hacked, allowing the hacker to pose as the Managing Director and send instructions to the company’s Financial Controller to transfer funds from the US to a bank account in Hong Kong. We put a freezing order on the account, traced the perpetrator, commenced civil proceedings and the client ultimately recovered its funds plus the costs of the civil proceedings.

  •