Strategies that make the most of technology bring significant efficiencies and growth opportunities, but also a range of risks.
Our global cyber security team comprises specialists who combine legal, technical and commercial expertise to help global corporates, utilities and financial institutions manage their cyber security.
We work with our clients across the full cyber security life cycle, helping to design and embed cyber security policies and procedures, including incident response planning, training and education. We also advise on regulatory compliance (such as financial services regulation and data protection), procurement and supply chain risk – including contractor vetting and cyber contractual provisions, and cyber issues in the context of corporate due diligence, joint ventures, projects and outsourcing.
We also work with in-house legal and technical teams in responding to incidents, and can coordinate or lead your response depending upon your requirements, as well as advising on regulatory notifications and reporting, best practice for working with regulators and law enforcement, litigation and recovery of assets. A number of our lawyers have technical backgrounds so are able to understand the technical causes and implications of cyber issues, as well as being able to work seamlessly with your internal IT teams or third party technical consultants.
We are also instructed by clients through ongoing cyber security retainers, so that we are available to advise on incidents or other issues at short notice. Our global dispute resolution practice is well placed to handle any litigation that arises from an incident.
Our practice covers three main areas:
Cyber risk management and advisory: Understanding, planning for and mitigating cyber risk is critical in reducing the impact of any breach. We help clients with drafting policies and procedures, training, contractual review, data protection compliance and policies, data retention, regulatory compliance, procurement (such as contractor vetting and contractual protections) and cyber insurance.
Incident response: We can be the primary point of contact for our clients, investigating and coordinating the response in conjunction with third party technical incident response teams as appropriate. We also advise on the legal issues that frequently arise from breaches such as data protection, employment law, intellectual property/confidential information, regulatory, insurance, health & safety and product liability. In particular, we can manage on your behalf necessary regulatory notifications and reporting, liaising with data protection authorities and working with law enforcement as appropriate. Please see our cyber security hotline page for more information.
Non contentious transactional and project work: Cyber security issues permeate many other fields of legal advice. We frequently advise on cyber security issues as part of, for example, transactional work, joint ventures, projects work and outsourcing.
A consortium of international banks
Advising on establishing the Cyber Defence Alliance – a cyber security intelligence sharing joint venture
A global financial services company
We are appointed as the sole APAC and EMEA cyber security counsel to a global financial services company to assist in managing cyber security risks and incidents across 26 countries
A global company
Acting for a global company in relation to incident response following the inadvertent disclosure of its global HR database to an unrelated third party by one of its cloud service providers. The incident affected employees in multiple jurisdictions across Australasia, Europe and the Americas
A leading US luxury fashion brand
Advising a leading US luxury fashion brand in relation to a "whaling" attack which caused the company's Financial Controller to transfer funds from the US to a bank account in Hong Kong. We advised on working with law enforcement, put a freezing order on the account, and were successful in garnishee proceedings against a Hong Kong bank, requiring the bank to transfer the stolen funds back to our client. Ultimately, the client recovered its funds plus the costs of the civil proceedings
A Russian subsidiary of an industrial manufacturer
A Russian subsidiary of an industrial manufacturer on various issues arising in connection with system failures caused by the Petya malware, whether this may qualify as a force majeure, whether notifications have to be sent to their counterparties, whether they
may continue retail trading with inoperable cash registers, whether they need to report to the police and what would be the consequences of any potential investigation
A global investment bank
Advising a global investment bank in relation to a cyber security attack which saw $40 million taken from a number of accounts, including reporting to and subsequent liaison with the relevant regulators, and on litigation by the account holders seeking to recover their losses from the bank