Cyber Security

In recent times there has been a marked shift in perception of cyber-security events.  Organisations who are subject to a breach are no longer being seen as a “victim” of a hacking crime, but delinquent actors who did not take proper steps to secure their assets. 

Our Approach

We believe that cybersecurity needs to break the mould of being thought of as just an issue for the IT team. It fundamentally requires a multi-disciplinary response. Internally, cybersecurity needs to involve IT, legal, risk, regulatory, PR and customer-facing operations. Externally, cybersecurity may need to involve external lawyers, forensic teams and PR advisers.

Organisations need to have a plan on how they will respond to cybersecurity incidents. The last thing an organisation wants to be doing in the face of a serious cybersecurity incident is develop its approach and policy on the fly, distracting from the task of dealing with the incident and creating confusion about who needs to be involved and who is empowered to make decisions that may affect your organisation’s reputation. APRA and ASIC-regulated entities are likely to already be under an obligation to have such plans in place as part of their required risk-management obligations.

We have more than a decade of experience in conducting and managing the investigation of online data breaches and computer hacking in a range of industry sectors including retailing, financial services, entertainment and ICT. Much of our investigating and enforcement work is confidential for obvious reasons.

Our experience includes:

  • Investigation of code hacking of entertainment products giving unauthorised access and control over remote computer systems, including gathering and analysis of forensic information, preparation and execution of a strategy to confront the suspect, and securing a result to minimise further unauthorised and hacking behaviour. The suspect was subsequently turned into an informant.
  • Investigation of international hacking ring via a major participant in Australia, including analysis of data locating suspect, preparation and execution of a plan for direct contact, management and resolution of the claim to achieve result, and capturing of data as evidence concerning remote assets used by accomplices.
  • Assisting a large Australian corporate to respond to a major security incident by its IT outsourcer, including analysis of contractual obligations and legal claims, and negotiation and documentation of monetary and non-monetary settlements.
  • Working with a major electronics manufacturer to identify a computer network hacker, and liaising with the state police force and arranging surveillance on the suspect.
  • Investigating the use of Trojan and tunnelling software by a rival trader to extract critical information through unauthorised access to our client’s computer system, including filing of legal proceedings to retrieve disclosure of information by way of preliminary discovery and resolution of unauthorised access claim.
  • Working with IT forensic investigators and lawyers in the US and Austria to identify a syndicate responsible for developing tools that were designed to circumvent copy control software. Using Australian court processes to obtain orders in the Federal Court of Australia to obtain the contact details of the people using those IP addresses and for the purposes of executing search orders at their homes

Planning for and dealing with cybersecurity breaches requires a multi-disciplinary team with deep technology and data protection expertise:

  • Privacy and data: our privacy and data team understands that privacy compliance does not start and end with the preparation of a privacy or cybersecurity policy, but that an organisation’s handling of personal information and sensitive data must reflect privacy and security-by-design.
  • Regulatory: our regulatory and corporate teams are accustomed to dealing with regulators that have an interest in, and may need to be notified in relation to, cybersecurity issues, including the OAIC, ASIC and APRA.
  • Litigation: our litigation group includes a dedicated team of over 25 lawyers who focus on protecting data and commercially sensitive information. Over the last decade we have run some of the country’s most high profile disputes in relation to IP and commercially sensitive information, and routinely work with IT forensic providers to investigate and respond to cybersecurity breaches.
  • Technology: we have one of the largest dedicated technology legal teams in Australia. Our team understands technology and risk, and work with our clients to focus on key issues in a complex and fast-moving technology landscape.

Leading directories and clients alike recognise our “distinguished capability in developing areas of the technology industry, including cybersecurity, data and privacy and blockchain projects.” With a "very strong regulatory practice that is excellent in IT contract negotiations."