You are here

Cyber risk advisory

Legal, technical and commercial expertise to keep your business cyber secure


At Herbert Smith Freehills, we understand that managing cyber risk is one of the highest priorities for our clients. This is why we have built a dedicated cyber practice to provide 360-degree cyber risk management and incident response services. 

Whether your challenge relates to ransomware, cyber extortion, corporate espionage, inadvertent disclosure, advanced persistent threat, or something else – we have the subject matter expertise to assist you.  With a ‘follow the sun’ model, 26 offices worldwide and an established network of trusted best-friend firms, our teams can provide assistance wherever and whenever you need it.  Our practice brings together subject matter expertise across data privacy, insurance, regulatory, compliance, corporate governance, disputes and more to provide a complete end-to-end service for your needs.  Our multi-disciplinary team have backgrounds in IT, forensics and cyber security, and can “speak the same language” as your technical teams.

Leading multinationals turn to us as their trusted advisers across the full cyber risk management lifecycle. We can help you with all your cyber security needs, including:

Our risk management and advisory services include developing incident response plans, delivering cyber incident simulations, advising Boards, reviewing policies and procedures, and uplifting overall cyber resilience.

We offer 24/7/365 cyber incident response standby retainers.  We recognise that one size does not fit all when it comes to cyber.  We tailor our services to fit exactly what you need, are independent and can work with any forensic, IT or other providers of your choosing.  Should an incident occur, we are your trusted crisis management advisers.  Our experts can provide bespoke advice to guide you through the incident and its aftermath, including working with you to manage ransomware negotiations, media and communications strategies, law enforcement and regulator engagement, supplier and customer disputes, realising insurance recoveries, class actions and more.

Our 350+ strong global team of data and technology specialists can provide the full suite of data breach analytics services,  including processing, analysis, analytics and hosting services, to get to the heart of compromised data and to understand the issues it presents.


Recent Experience

A telecoms company

We advised a telecoms company in relation to a state-sponsored advanced persistent threat (APT) cyber security incident which was detected during its acquisition of a data centre and subsea cable capacity provider, and resulted in customer data being exfiltrated. This included advising on data protection compliance issues and how to deal with the liability for the incident in the context of the corporate transaction.

a rail company

We advised a rail company in relation to the cyber security aspects of the procurement and roll-out of a digital train control and signalling system.

a Russian subsidiary of Kerama Marazzi

We advised a Russian subsidiary of Kerama Marazzi on various issues arising in connection with system failure caused by NotPetya, including issues on force majeure, notifications to counter parties, whether the client could continue retail trading with inoperable cash registers, and liaison with law enforcement.

an online retailer

We advised an online retailer following the online publication of a vulnerability in its Android and iPhone apps by a “white-hat” hacker, following which customer data was systematically extracted and published. We advised on the best approach to managing the fallout from the data breach, including data protection and privacy advice, liaising with the data privacy regulators in the UK and Australia, and managing communications to the affected data subjects and the media. 

a consortium of global banks

We advised a consortium of global banks on establishing the Cyber Defence Alliance – a cyber security intelligence sharing joint venture. This included incorporating the necessary corporate entities, advising on the information sharing protocol, advising on data protection issues around aggregation and pooling of log information and advising on competition law issues in relation to avoiding sharing company sensitive information. 

an international bank

We advised an international bank on the creation of a Global Information Security Framework for all its global entities, involving the drafting of policies, guidelines regarding personal data, banking secrecy, cyber crime, data-leaks, and usage of social networks. 

Insights and updates

31st May 2023
From ransomware to electronic warfare, the digital world has grown perilous. Our latest TechQuake instalment...
12th May 2023
As the dust settles on the 2023-24 federal budget, we thought it would be useful...
18th April 2023
On 21 February 2023 the Australian Government released its response ( Response ) to the...
17th April 2023
On 15 April 2023, the consultation period for the 2023 – 2030 Australian Cyber Security...

Our People