You are here

Cyber Security

Legal, technical and commercial expertise to keep your business cyber secure


Strategies that make the most of technology bring significant efficiencies and growth opportunities, but also a range of risks. 

Our global cyber security team comprises specialists who combine legal, technical and commercial expertise to help global corporates, utilities and financial institutions manage their cyber security.

We work with our clients across the full cyber security life cycle, helping to design and embed cyber security policies and procedures, including incident response planning, training and education. We also advise on regulatory compliance (such as financial services regulation and data protection), procurement and supply chain risk – including contractor vetting and cyber contractual provisions, and cyber issues in the context of corporate due diligence, joint ventures, projects and outsourcing.

We also work with in-house legal and technical teams in responding to incidents, and can coordinate or lead your response depending upon your requirements, as well as advising on regulatory notifications and reporting, best practice for working with regulators and law enforcement, litigation and recovery of assets. A number of our lawyers have technical backgrounds so are able to understand the technical causes and implications of cyber issues, as well as being able to work seamlessly with your internal IT teams or third party technical consultants.

We are also instructed by clients through ongoing cyber security retainers, so that we are available to advise on incidents or other issues at short notice. Our global dispute resolution practice is well placed to handle any litigation that arises from an incident. 

Our practice covers three main areas:

Cyber risk management and advisory: Understanding, planning for and mitigating cyber risk is critical in reducing the impact of any breach. We help clients with drafting policies and procedures, training, contractual review, data protection compliance and policies, data retention, regulatory compliance, procurement (such as contractor vetting and contractual protections) and cyber insurance.

Incident response: We can be the primary point of contact for our clients, investigating and coordinating the response in conjunction with third party technical incident response teams as appropriate. We also advise on the legal issues that frequently arise from breaches such as data protection, employment law, intellectual property/confidential information, regulatory, insurance, health & safety and product liability. In particular, we can manage on your behalf necessary regulatory notifications and reporting, liaising with data protection authorities and working with law enforcement as appropriate.  Please see our cyber security hotline page for more information.

Non contentious transactional and project work: Cyber security issues permeate many other fields of legal advice. We frequently advise on cyber security issues as part of, for example, transactional work, joint ventures, projects work and outsourcing.

Recent Experience

A consortium of international banks

Advising in relation to sharing of cyber related intelligence

An international bank

Advising in relation to its global cyber security, data protection and data retention policies and procedures 

A major investment fund manager

Advising in relation to personal data of its customers that had inadvertently been sent to a third party, including as to the requirements to notify the Information Commissioner's Office and/or the Financial Conduct Authority

An international bank

Advising in relation to how to manage the threat from a specific piece of malware which was targeting its customers to acquire their online banking log in credentials and/or other personal information

A major UK corporation

Advising in relation to incident response and the regulatory, data protection and other implications following the theft of a laptop containing personal data of employees

An online retailer

Advising in relation to incident response following customer data having been posted online 

Our People