Skip to content
Sub practice
Sub practice

Cybersecurity

Clients turn to us to manage legal risk in relation to the threat of cyber-attacks as well as when looking for response specialists to ensure they are resilient to cyber-attacks or other data breaches.

Across our international network, our cyber security practitioners advise on all aspects of preventing and reacting to cyber breaches or data incidents. 

Computers, the internet, mobile devices and electronic transactions all play an important and ever-increasing role within the corporate environment, particularly for businesses with a strong online presence. 

But the continued growth of “cyber” technologies and the growing phenomenon of cyber-attacks pose significant risks to businesses. Cyber attackers are often quick to spot the potential vulnerabilities of new technologies and to exploit them to commit civil and criminal offences (and to frustrate detection of those activities). Risks include:

  • damage to reputation
  • business interruption
  • financial loss 
  • litigation 
  • costs
  • loss of IP and confidential information
  • regulatory sanctions

Cyber-security is about prevention of (and/or preparation for) cyber-attacks, but also about reaction once the risk has realised. It requires an integrated approach across traditional security disciplines proactively to understand, detect and respond to advanced and evolving threats. Our practice reflects this. 

Prevention 

The task of managing legal risk in relation to the threat of cyber-attacks has many different components.

Our experience in preventing cyber and information breaches includes advising on:

  • Policies: including with respect to data security, data retention and destruction; privacy impact assessments and risk assessments.
  • Standards: including awareness and understanding of available standards and guidance (eg from BIS, ENISA, EC3, ISO and others).
  • Practices: including education and training programmes, employee monitoring (including ILP and other measures); and penetration testing.
  • Governance: including advising on appropriate structures and processes (eg with respect to service provider selection and management).
  • Contracts: including review and drafting of provisions concerning imposition of security standards (eg specifications, testing and rights to participate, certification, audits, training), governance and control (eg reporting requirements, step in rights, control of announcements and communications with authorities) and liability (eg force majeure, recoverable losses, insurance).
  • Insurance: including reviewing coverage especially exclusions.

Incident response

Allen & Overy’s cross-practice team of cyber-incident response specialists supports clients to ensure they are resilient to cyber-attacks or other data breaches which may impact them or their own client’s services. We act as a partner to make sure you can react quickly and effectively.

Our experience in reacting to cyber and information breaches includes advising on:

  • Coordination: Response coordination, including managing internal stakeholders and external vendors (eg forensic teams).
  • Communications: Advising on approach to, and facilitating, communications (eg with employees, clients, media, and others). 
  • Investigations: Assisting with investigations by law enforcement authorities and regulators (including the ICO), including preparation and review of reports. 
  • Civil remedies: Pro-active response and civil remedies (including Emergency Injunctions, Search Orders, Freezing Injunctions and Disclosure Orders).
  • Reporting: Advising on reporting obligations (eg to markets, insurers, counterparties, regulators).
  • “Wash up”: dealing with post-incident actions, including liaison with regulators, defence of civil claims and employee (eg disciplinary) issues.

Download our brochure

Zoomed-in image of an electrical circuit

Our cybersecurity practice 

Computers, the internet, mobile devices and electronic transactions all play an important and ever-increasing role within the corporate environment, particularly for businesses with a strong online presence or with high volumes of customer data or other electronically stored information

Key cybersecurity documents and regulations

The International Comparative Legal Guide: Cybersecurity 2021

Read more

News & insights

Blog Post: 14 JUNE 2021

European Commission proposes framework for European Digital Identity

The European Commission announced its proposal for a regulation that will amend the EU eIDAS Regulation and establish a framework for a European Digital Identity (the Proposal)(3 June 2021). 

Read more
How EasyMile is tackling the under-30mph market and the impact of the pandemic on the autonomous vehicle industry

Publications: 09 JUNE 2021

Propel: "Secure first, then ride." V2X technology and enhancing the safety of self-driving vehicles

New York partner Paul Keller interviews Jaeson Yoo, Chief Strategy Officer of Autocrypt, a leading V2X provider that offers services and solutions to secure communication lines between connected and…

Read more
DORA – Enhancing digital resilience for the financial sector

Publications: 11 MAY 2021

DORA – Enhancing digital resilience for the financial sector and its ICT service providers is more important than ever

The future of finance is digital. The increased reliance on technology in finance heightens the vulnerability of ICT systems and worsens the impact of a potential cyberattack. To this end, the…

Read more
cityscape image taken at night with data style web applied on top

Publications: 02 MARCH 2021

Update from on the ground: Draft Cyber Security Law – Implications for business in the ICT sector in Myanmar

On the morning of 1 February 2021, in response to allegations of voter fraud, Vice-President Myint Swe (who has since assumed the role of acting President) declared a State of Emergency for one year…

Read more

Digital transformation

Digital transformation, built on the IT cornerstones of cloud, mobile, social and big data is affecting all industries.

Our integrated, multidisciplinary teams are available to help clients smooth the path for digital projects.

View related products

Related content