Cybersecurity

We work with our clients to build their operational resilience and cyber-readiness with robust, tailored compliance programs and governance processes, which address both their own risks and those posed by their supply chain partners. 

We also help optimize and stress-test cyber incident response plans and map global cyber notification and reporting obligations to help our clients respond efficiently in a crisis and maintain privilege wherever possible.

Our team has provided strategic support to major businesses on many of the biggest and most complex cybersecurity and ransomware incidents of recent years.

We have extensive experience guiding boards and senior executives through every step of their crisis response, helping them to manage investigations, disclosure obligations, and regulatory intervention and litigation, while meeting their legal responsibilities.

Rapid and effective response to cyber incidents 

We help our clients respond rapidly to cyber incidents, including engaging the necessary external vendor support to minimize the impact these incidents can cause. 

We act swiftly to minimize the risks associated with the exfiltration of data, and advise, alongside crisis PR experts, on effective internal and external communications (including with regulators, shareholders, counterparties, and impacted data subjects).

Cyber disputes expertise 

We craft integrated litigation strategies that work across borders to protect our clients’ interests and handle a wide range of disputes arising from cybersecurity incidents, with particular expertise in cross-border cases.  

Our team represents our clients in follow-on disputes and litigation related to data misuse and cyber incidents, including personal data breach class actions, claims for misuse of private information, commercial disputes arising from business interruption, and cyber insurance claims.  

We also advise on disputes arising from business email compromise incidents and cyber-related theft, and on litigation strategies to prevent the dissemination of personal and commercially sensitive data.

Representative matters

• Major global organizations on cyber risk management and incident readiness, at an operational, executive and board level. 
• Clients in a range of sectors on their compliance with cybersecurity-specific legal and regulatory requirements, including in relation to critical national infrastructure. 
• A range of businesses on the implementation of technical and organisational cyber and privacy controls to optimise legal and regulatory readiness on a cross-jurisdictional basis. 
• Organizations on hundreds of cyber incidents affecting their operations and those of their supply chains partners, including ransomware, theft of personal and business sensitive data, denial-of-service attacks, code injection attacks, and cyber-facilitated fraud (such as business  email compromise).
• Politically and societally important organizations on the containment of, and response to, nation-state intrusions and instances of political and industrial espionage. 

• Multiple clients on their engagement with privacy and sector-specific regulators, as well as governmental and law enforcement bodies across the world, following cyber incidents, as well as leading notification programmes to many millions of data subjects.  
• A significant number of post-incident disputes, including personal data breach group actions, business-to-business disputes, claims involving managed security service providers and actions to prevent the misuse of confidential information. 
• A large number of regulatory investigations resulting in no penalties or enforcement action and assisting in appealing and reducing one of the largest fines imposed by a regulator in connection with a cyber incident. 
• Multiple clients on post-incident remediation and improvement plans, to align with international regulatory and industry standards.