Supporting clients in relation to cyber risk across the full spectrum of preparedness, incident response and investigations.

The cyber threat continues to present a range of challenges to corporations. The threat is changing as cyber criminals look for new methods of attack, both through supply chains and using ever-evolving ransomware capabilities. The regulatory landscape is also developing, with new and amended cyber laws as well as the risk of increasing fines.

Our Cyber Hub has the multi-disciplinary expertise and industry knowledge to advise clients across the full spectrum of preparedness, incident response and investigations. Our hub is made up of legal experts from our corporate, data privacy, digital and technology, dispute and investigations, financial services, financing, and IP teams. They have access to a network of cyber industry experts, regulator contacts and relationship firms across the world which means we can assemble a global team to tackle your cyber crisis, whatever your sector.

We help our clients understand and mitigate cyber risks, both in their business-as-usual operations, and when engaging in activities which raise specific cyber concerns. We build trust with senior stakeholders and create a roadmap to help prevent, and (where necessary) navigate a cyber attack, within each client’s own corporate risk appetite.

We help clients with:

  • Cyber preparedness: we develop cyber risk management frameworks to enable clients to assess their compliance with laws, regulation and best practice. Our hub helps clients to be prepared for cyber breaches, including preparedness checklists, tailored cyber response plans, running training for business functions, executive teams and Boards, and coordinating attack simulation activities. 
  • Incident response: we work closely with clients to help them respond to a breach. This includes advising the Board, coordinating investigation of the breach and liaising with regulators and third parties. Ransomware attacks and supply chain breaches have kept our team particularly busy in recent times. We provide around the clock support to ensure the right decisions are made in a timely manner and provide a calm, measured response to a highly stressful situation.
  • Corporate governance: we advise clients on their reporting obligations around cyber and support GCs, Co-secs and others to ensure the Board and other executive stakeholders are aware of their cyber risk management and reporting responsibilities. This includes providing tailored training for legal and executive teams as well as the Board and NEDs.
  • Investigations and claims: we support our clients with all internal investigations following a cyber attack and provide strategic advice on any regulatory investigations and civil claims.

Key experience

Interserve on a ransomware attack

We advised Interserve, a multinational distribution and outsourcing company, in respect of a ransomware attack affecting its UK and Irish operations and data subjects across multi-jurisdictions in Europe and the Middle East. We advised on the approach to the investigation, including liaising with forensic IT experts, preparing the regulatory notifications, responding to regulators’ questions and helping manage stakeholder communications.

Bupa on aspects of a global data breach

We advised Bupa on aspects of its global data breach affecting 500,000 customers and involving regulatory enforcement action across approximately 60 jurisdictions. This included formal notifications to various regulators, and bringing urgent proceedings against individuals (known and unknown) responsible for the breach.

An international media and production company on data breach preparedness

We advised an international media and production company, with HQs in the UK, Europe and the US, on their data breach preparedness. We are leading the coordination of cyber consultants and subject experts across each jurisdiction to build contingency plans and response playbooks, and to train senior management and others on their use in simulated incidents.

A multinational defence company on its response to a cyber attack

We advised a multinational company in the defence sector on its response to a cyber attack which impacted its global operations. We provided advice from over 10+ jurisdictions across Europe, the Middle East, Africa and the US, coordinating at senior board and management level on its engagement with cyber criminals, addressing the question of ransom payment, and the investigations and regulator engagement following the attack.

Cyber security and ransomware scenarios

We advised the board of a major manufacturing group on directors’ duties and sanctions risks in relation to cyber security and ransomware scenarios. This is an example of the type of corporate governance and Board support that we provide to many of our major clients to help senior stakeholders understand their roles and responsibilities around cyber.

Key Contacts