You are here

Cyber Security

Legal, technical and commercial expertise to keep your business cyber secure


Strategies that make the most of technology bring significant efficiencies and growth opportunities, but also a range of risks. 

Our global cyber security team comprises specialists who combine legal, technical and commercial expertise to help global corporates, utilities and financial institutions manage their cyber security.

We work with our clients across the full cyber security life cycle, helping to design and embed cyber security policies and procedures, including incident response planning, training and education. We also advise on regulatory compliance (such as financial services regulation and data protection), procurement and supply chain risk – including contractor vetting and cyber contractual provisions, and cyber issues in the context of corporate due diligence, joint ventures, projects and outsourcing.

We also work with in-house legal and technical teams in responding to incidents, and can coordinate or lead your response depending upon your requirements, as well as advising on regulatory notifications and reporting, best practice for working with regulators and law enforcement, litigation and recovery of assets. A number of our lawyers have technical backgrounds so are able to understand the technical causes and implications of cyber issues, as well as being able to work seamlessly with your internal IT teams or third party technical consultants.

We are also instructed by clients through ongoing cyber security retainers, so that we are available to advise on incidents or other issues at short notice. Our global dispute resolution practice is well placed to handle any litigation that arises from an incident. 

Our practice covers three main areas:

Cyber risk management and advisory: Understanding, planning for and mitigating cyber risk is critical in reducing the impact of any breach. We help clients with drafting policies and procedures, training, contractual review, data protection compliance and policies, data retention, regulatory compliance, procurement (such as contractor vetting and contractual protections) and cyber insurance.

Incident response: We can be the primary point of contact for our clients, investigating and coordinating the response in conjunction with third party technical incident response teams as appropriate. We also advise on the legal issues that frequently arise from breaches such as data protection, employment law, intellectual property/confidential information, regulatory, insurance, health & safety and product liability. In particular, we can manage on your behalf necessary regulatory notifications and reporting, liaising with data protection authorities and working with law enforcement as appropriate.  Please see our cyber security hotline page for more information.

Non contentious transactional and project work: Cyber security issues permeate many other fields of legal advice. We frequently advise on cyber security issues as part of, for example, transactional work, joint ventures, projects work and outsourcing.

Cyber security Updates

Cyber Security Quarterly Update – June 2017

June 2017

Our quarterly eBulletin provides a round-up of best practice, news and legislative developments concerning cyber security in Europe, Asia, Australia and the USA. Read more >


Cyber Security Quarterly Update – March 2017

March 2017

Our quarterly eBulletin provides a round-up of best practice, news and legislative developments concerning cyber security in Europe, Asia, Australia and the USA. Read more >


TalkTalk, no action? UK Information Commissioner issues record fine of £400,000 for TalkTalk's cyber security breach

December 2016

On 5 October 2016, the Information Commissioner's Office issued TalkTalk Telecom Group plc with a record £400,000 monetary penalty notice. Read more >


The Digital Single Market: Where Are we Now?

November 2016

The European Commission's Digital Single Market Strategy ("DSM Strategy") was published in May 2015 and included a set of 16 targeted initiatives and actions to be delivered by the end of this year. The aim of the DSM Strategy was to create a Digital Single Market, where the free movement of goods, persons, services and capital is ensured — and where citizens and businesses can seamlessly and fairly access online goods and services: whatever their nationality, and wherever they live. Read more >


Cyber Security Quarterly Update – October 2016

October 2016

Our quarterly eBulletin provides a round-up of best practice, news and legislative developments concerning cyber security in Europe, Asia, Australia and the USA. Read more >


Cyber Security Quarterly Round-Up

September 2016

Cyber security affects all businesses and industries and is a Board level agenda item.

This article provides a round-up of best practice, news and legislative developments concerning cyber security in Europe, Asia, Australia and the USA. Read more >


The impact of Brexit on Data Protection and Cyber Security

July 2016

This article summarises a number of unanswered questions in data protection and cyber security legislation brought on by Brexit. Read more >


Battening down the Cyber hatches: EU Council approves Cyber Security Directive

June 2016

On 17 May 2016, the Council of Europe formally adopted the new Network and Information Security Directive (the so-called "Cyber Security Directive"), paving the way for final approval from the European Parliament. Read more >


Australia's Website Blocking Laws are Put to the Test

March 2016

Partner Rebekah Gay explains how Australia's website blocking laws are being used for the first time in a case Village Roadshow has launched against a movie piracy website. Read more >


Cyber Security: Top Ten Tips for Businesses

January 2016

Andrew Moir, Nick Pantlin, Miriam Everett and Nic Ruesink-Brown of Herbert Smith Freehills LLP look at the growing risk of cyber threats and set out ten steps that businesses can take in order to prepare for, and react to, a cyber attack. Read more >

Subscribe to our Cyber Security Updates

Visit our GDPR hub

Recent Experience

A consortium of international banks

Advising  on establishing the Cyber Defence Alliance – a cyber security intelligence sharing joint venture

A global financial services company

We are appointed as the sole APAC and EMEA cyber security counsel to a global financial services company to assist in managing cyber security risks and incidents across 26 countries

A global company

Acting  for a global company in relation to incident response following the inadvertent disclosure of its global HR database to an unrelated third party by one of its cloud service providers. The incident affected employees in multiple jurisdictions across Australasia, Europe and the Americas

A leading US luxury fashion brand

Advising a leading US luxury fashion brand in relation to a "whaling" attack which caused the company's Financial Controller to transfer funds from the US to a bank account in Hong Kong. We advised on working with law enforcement, put a freezing order on the account, and were successful in garnishee proceedings against a Hong Kong bank, requiring the bank to transfer the stolen funds back to our client. Ultimately, the client recovered its funds plus the costs of the civil proceedings

A Russian subsidiary of an industrial manufacturer

A Russian subsidiary of an industrial manufacturer on various issues arising in connection with system failures caused by the Petya malware, whether this may qualify as a force majeure, whether notifications have to be sent to their counterparties, whether they 
may continue retail trading with inoperable cash registers, whether they need to report to the police and what would be the consequences of any potential investigation


A global investment bank

Advising a global investment bank in relation to a cyber security attack which saw $40 million taken from a number of accounts, including reporting to and subsequent liaison with the relevant regulators, and on litigation by the account holders seeking to recover their losses from the bank