HOW WE CAN HELP
Devices are starting to outnumber people and increasingly the future of work means more people are connecting to IT networks remotely, heightening the risk of your organisation’s data being inadvertently compromised or stolen through human error or an act of corporate espionage. At the same time, cyber-attacks are becoming more sophisticated and harder to detect. Organisations need to have a plan on how they will protect themselves from, and respond to, cybersecurity incidents.
Our multi-disciplinary approach involves working with you to identify your specific business and compliance risks, corporate governance responsibilities, litigation risks, and disclosure and notification obligations. We also provide 'on the spot' advice, which is critical to an effective cyber response and preventing a breach from compromising your data and your business.
Our services
- Data breach response: We will provide you with comprehensive advice to guide decision-making for senior leaders and crisis response teams.
- Computer forensic literacy: Forensic examinations have shown that some cyber incidents have continued for years before they are detected. We analyse your computer systems to identify threats, obtain evidence of malicious activity and help defend you and your market reputation.
- Collaboration with cyber security professionals: We collaborate with specialised technical consultants from both Australia and the United States to assist you with best practice approaches in relation to enterprise risk management.
- Work with in-house teams: The in-house legal team has a critical role to play – both on the preventative front, and with response and mitigation if there is a breach or incident. We will work with your in-house teams to:
- engage with the corporate functions on a multi-disciplinary basis to update policies and procedures and embed best practice cross-organisational approaches;
- engage with senior management / the board on digital and cyber risks, ensuring that they are obtaining the necessary information on an ongoing basis, and that key policies have been put in place, effectively communicated to employees and being enforced; and
- establish an incident response plan to be ready for any cyber or digital breach which may occur.
- Ransom demands: We have advised a number of clients who have suffered ransomware attacks or otherwise been the subject of ransom demands. We have assisted in the development of guidelines for responding to such demands, strategies for containing ransomware risks and remediating its effects and have participated in ransom negotiations with third party actors. We have also advised in respect of legal risks associated with payment of ransom demands, including under the Criminal Code Act.
- Regulatory investigations: We regularly manage regulatory investigations that relate to cyber security and data protection matters, particularly involving the OAIC but also ASIC, including in the context of data related obligations under the Corporations Act and Financial Services Laws.
- Class actions: We have advised our clients on data breaches and associated privacy class actions in this emerging area in Australia.
- Third party risk: We will assist you with the management of cyber risks associated with third party access to client and customer data, including service providers. This includes advice in connection with both third-party service providers, including in the context of CPS 234, and data commercialisation activities.
- Compliance audits and reviews: We will perform a detailed audit and review of data practices in order to assess your organisation's compliance with data-related requirements.
Our regulatory and corporate teams are experienced in dealing with the regulators that need to be notified in relation to, cybersecurity issues, including the OAIC, ASIC and APRA.
The digital landscape is the new battleground for organisations managing commercial and reputational risk. With cyber-attacks, data breaches, and major technology vendor failures all presenting a potential threat to your business, we can help you to prepare your breach response plan, manage your reputation and ensure your business is not adversely affected as a result of a cyber-attack.
On a malware cyber-attack by which the perpetrator obtained our client’s highly confidential information and data.
On a malicious attack by actors located in Africa on the Australian arm of a major international shipping line.
On a cyber-breach involving a possible fraud arising out of compromise to the supplier’s systems, and misdirection of payment via a business email scam.
On the response to the regulatory investigation, including settlement proceedings about its presentation of patient reviews and sharing patient information with third parties.
On the preparation and delivery of a privacy impact assessment regarding the proposed use of travel data (including Opal data) as part of the ECTMS project.
On a significant data breach suffered by its JV partner, including support through each stage of responding to Australian regulatory obligations.
On the response to a major security incident by its IT outsourcer, including analysis of contractual obligations and legal claims and negotiation of settlements.
On a large-scale cybersecurity breach of a venture capital company which was focused on employees who held sensitive information about investors and other individuals.
On several transactions involving the cross-border transfer of sensitive personal information, including the necessary protections required to meet state and commonwealth laws.
