Implementing effective cybersecurity measures is particularly challenging in today’s digital world and hyper-connected global economy. Devices are starting to outnumber people and increasingly the future of work means more people are connecting to IT networks remotely, heightening the risk of your organisation’s data being inadvertently compromised or stolen through human error or an act of corporate espionage. At the same time cyber-attacks are becoming more sophisticated and harder to detect. Organisations need to have a plan on how they will protect themselves from, and respond to, cybersecurity incidents.
Our approach is multi-disciplinary and involves working with you to identify your specific business and compliance risks, corporate governance responsibilities, litigation risks and disclosure and notification obligations. We can also provide “on the spot” advice, which is critical to an effective cyber response and preventing a breach from compromising your data and your business.
How we can help:
- Data Breach response: We will provide you with comprehensive advice to guide decision-making for both senior leaders and crisis response teams.
- Computer forensic literacy: Forensic examinations have shown that some cyber incidents have continued for years before being detected. We will provide a computer forensic analysis of your computer systems to identify threats, obtain evidence of malicious activity and help defend you and your market reputation.
- Collaboration with cyber security professionals: We collaborate with specialised technical consultants from both Australia and the United States to assist you with best practice approaches in relation to enterprise risk management.
- Work with in-house teams: The in-house legal team has a critical role to play – both on the preventative front, and with response and mitigation if there is a breach or incident. We will work with your in-house teams to:
  - engage with the corporate functions on a multi-disciplinary basis to update policies and procedures and embed best practice cross-organisational approaches;
  - engage with senior management / the board on digital and cyber risks, ensuring that they are obtaining the necessary information on an ongoing basis, and that key policies have been put in place, effectively communicated to employees and being enforced; and
  - establish an incident response plan to be ready for any cyber or digital breach which may occur.
- Ransom demands: We have advised a number of clients who have suffered ransomware attacks or otherwise been the subject of ransom demands. We have assisted in the development of guidelines for responding to such demands, strategies for containing ransomware risks and remediating its effects and have participated in ransom negotiations with third party actors. We have also advised in respect of legal risks associated with payment of ransom demands, including under the Criminal Code Act.
- Regulatory investigations: We regularly manage regulatory investigations that relate to cyber security and data protection matters, particularly involving the OAIC but also ASIC, including in the context of data related obligations under the Corporations Act and Financial Services Laws.
- Class actions: We have advised our clients on data breaches and associated privacy class actions in this emerging area in Australia.
- Third party risk: We will assist you with the management of cyber risks associated with third party access to client and customer data, including service providers. This includes advice in connection with third-party service providers, including in the context of CPS 234, and in relation to data commercialisation activities.
- Compliance audits and reviews: We will perform a detailed audit and review of data practices in order to assess your organisation’s compliance with data-related requirements.
We understand the latest regulations
Our regulatory and corporate teams are experienced in dealing with the regulators that need to be notified in relation to cybersecurity issues, including the OAIC, ASIC and APRA.
We understand the landscape
The digital landscape is the new battleground for organisations when it comes to managing both commercial and reputational risk. With cyber-attacks, data breaches and major technology vendor failures all presenting a potential threat to your business, we can help you to prepare your breach response plan, manage your reputation and ensure your business is not adversely affected as a result of a cyber-attack.
Organisations and leadership teams need to break away from the mindset that cybersecurity is an issue for the IT department. Within the business, mitigating the risk of a cyber-attack and implementing best practice cybersecurity policies and protocols must involve IT, legal, risk, regulatory, public relations and customer-facing operations teams. Externally, responding to cybersecurity incidents may need to involve external lawyers, forensic teams and PR advisers.
We offer advice across all legal aspects of cyber security, resilience and responses. We have advised on major cyber breach responses and investigations, notifiable breach scenarios, counselling on legal risk and liability, liaison with law enforcement and agencies and devising efficient and practical solutions to address cyber events and their impacts.
Our experience includes:
RESOURCES COMPANY: Advising on a malware cyber-attack on our client’s information technology supplier, by which the perpetrator obtained our client’s highly confidential information and data, with potential business critical impact which required restoration of data damaged during the attack.
MAJOR SHIPPING LINE: Advising on one of the earliest cybersecurity breaches under the NDB scheme. The breach involved a malicious attack by actors located in Africa on the Australian arm of a major international shipping line.
FINANCIAL SERVICES COMPANY: Advising on a cyber-breach involving our client’s information technology supplier. The cyber incident involved a possible fraud arising out of compromise to the supplier’s systems, and misdirection of payment via a business email scam.
ONLINE HEALTH COMPANY: Advising an Australian online health booking provider in response to the regulatory investigation, including settlement proceedings relating to its presentation of patient reviews and sharing of patient information with third parties.
GOVERNMENT AGENCY: Advising on the preparation and delivery of a privacy impact assessment regarding the proposed use of travel data (including Opal data) as part of the ECTMS project.
INTERNATIONAL PROPERTY COMPANY: Advising on a significant data breach suffered by its JV partner, including support through each stage of responding to Australian regulatory obligations.
AUSTRALIAN CORPORATE: Assisting a large Australian corporate to respond to a major security incident by its IT outsourcer, including analysis of contractual obligations and legal claims, as well as negotiation and documentation of monetary and non-monetary settlements.
VENTURE CAPITAL COMPANY: Advising on a large-scale cybersecurity breach of a venture capital company, in which the malicious attack was focused on employees who held particularly sensitive information about investors and other individuals.
GOVERNMENT AGENCY: Advising on a number of transactions involving the cross-border transfer of sensitive personal information, including the necessary protections required to meet various State and Commonwealth laws.
GLOBAL PAYMENTS PROVIDER: Advising in relation to a cyber incident regarding their Asia Pacific infrastructure which hosted millions of sensitive credit card details.
INTERNATIONAL PROPERTY COMPANY: Advising on its response to a data incident, including analysis and advice regarding their obligations to disclose the data incident, and preparing notifications to affected individuals and the Office of the Information Commissioner (OAIC).
Awards + Recognition
Ranked Band 1 for IT & Telecommunications
Ranked Tier 1 for IT and Telecommunications
Ranked Tier 1 for Data Protection
G+T is recognised as “An Australian leader in digital practice and privacy,” with a team comprised of “Outstanding practitioners with a wealth of transactional and regulatory experience on market-leading deals for key industry clients across multiple industries in the public and private sectors…Dedicated to the emerging technologies market, particularly in the cybersecurity and data protection areas.”
Leading directories and clients alike recognise our “distinguished capability in developing areas of the technology industry, including cybersecurity, data and privacy and blockchain projects,” with a “very strong regulatory practice that is excellent in IT contract negotiations.”
The Digital Hub brings together the key issues you need to think about in your business as well as providing practical toolkits and regular updates on the latest digital developments.