Cyberattacks, data breaches and major technology vendor failures all require immediate solutions and expert advice

Cyber resilience is absolutely critical to businesses.

Organisations across all sectors are targets for cyberattacks and are working hard to firm up their security posture, while also navigating a rapidly changing regulatory environment and increasing scrutiny from a broad range of regulators.

How we can help

Our leading cyber and data protection team works closely with organisations to:

  • help prepare for and mitigate cyber risks
  • rapidly respond to cyber events and data breaches
  • manage (and learn from) the fallout.

We have extensive incident response experience, having advised on some of the most complex cyber events worldwide. We have the capability to mobilise our experts quickly and across multiple jurisdictions, and to provide global coordination of your crisis response and strategy.

Cyber risk management and readiness

Being prepared not only minimises the risk of a cyber event or data breach occurring—it also reduces the time to respond to, and the potential impact of, crises that are impossible to predict or avoid.

How can we help?

Our team helps organisations get prepared and resilient by:

  • Governance – undertaking risk and compliance assessments (eg gap analyses), advising on best practice information security risk management and data governance, and assisting with uplifts
  • Regulatory requirements – advising on information security and operational resilience regulatory compliance strategy (including in relation to security of critical infrastructure, telecommunications and privacy laws, CPS 234, the Consumer Data Right regime, the Corporations Act and FIRB conditions)
  • Engaging forensic and other experts – identifying your cyber response panel and negotiating arrangements (in advance) with cyber forensic investigators, cyber extortion negotiation experts and crisis communications firms
  • Response plans – preparing or uplifting incident response plans and playbooks
  • Insurance – advising on cyber insurance policy placement and terms, including the scope of key coverage clauses and exclusions
  • Advice in advance – advising on critical aspects of a cyber response in advance of a cyber event (including on notification requirements, the legality of paying a ransom, sanctions, market disclosures and embedding privilege considerations into any response effort) so that these issues are not being considered for the first time when under extreme time pressure
  • Communications – auditing representations regarding cyber posture, and creating and uplifting template communications (internal and external)
  • Board and executive training, and tabletop exercises – training boards, senior management and incident response teams, assisting with scenario planning and leading war gaming exercises
  • Monitoring – closely monitoring the evolving global threat landscape, regulatory developments and enforcement trends
  • Supply chain management – advising on supply chain management, including procurement and audit processes, and contracting arrangements.
Incident response

Our team has extensive experience advising on a wide range of cyber events and data breaches, including cyber extortion and ransomware attacks, business email compromises, brute force attacks, malicious insider activity, supply chain breaches and inadvertent data breaches. We also work closely with third-party experts, including forensic and other cybercrime specialists and negotiators, payment firms, data review firms, PR agencies, insurers and consumer support organisations.

How can we help?

We help organisations navigate cyber incidents to resolution and can coordinate the end-to-end response or advise on discrete aspects, as required. This includes:

  • Investigations – assisting with internal and external investigations, and advising on privilege issues
  • Forensic and other experts – engaging and working with forensic and other cyber response experts
  • Threat actor engagement – advising on negotiations with threat actors in conjunction with other experts
  • Privacy and sensitivity reviews – reviewing compromised material to identify personal and commercially sensitive information
  • Stakeholder engagement – advising on engagement with media, law enforcement, government agencies, regulators and insurers across jurisdictions, and on regulatory investigations and other enforcement action
  • Advice on directors duties – advising on board and management responsibilities
  • Notifications – advising on breach notification strategy, including preparing and coordinating communications to regulators, affected individuals, the market and other stakeholders
  • Liability – advising on potential claims made by (or against) you
  • Insurance – advising on coverage following the occurrence of a cyber incident and helping to navigate the claims process with your insurer (and any disputes should they arise).
Cyber insurance

Although cyber insurance should not be viewed as a substitute for cyber risk management or good planning, it can be a valuable component of your risk management strategy and will play a role in cyber incident response. We can help navigate and advise on claims under cyber liability insurance, as we have a detailed understanding of the process and the difficulties that may arise in pursuing claims for indemnity.

How can we help?

Our team can assist with:

  • Policy placement and terms – including meeting underwriter requirements and negotiating key terms during renewal that may affect the scope of your cover
  • Engaging forensic and other experts – including identifying your 'cyber panel' (eg forensic advisors, negotiators, PR, payment and data review firms) and obtaining pre-approval of these experts from the insurer
  • Incident response – working with you to embed insurance considerations throughout your incident response journey, including through early notification and engagement of insurers and upfront consideration of coverage issues.
Cyber Insurance Diagnostic

Our Cyber Insurance Diagnostic involves a targeted assessment of your cyber insurance policy terms to:

  • identify issues and flag key risk areas for you to address to help ensure policy coverage in the event of a claim; and
  • provide guidance when establishing your cyber incident response arrangements to help maximise your chance of recovery (eg pre-approving the right cyber incident response experts and building insurer notification and consent requirements into your cyber incident response plans).
To find out more, contact Jonathan Light or one of our cyber experts.
Recovery, review and remediation

Once the worst has passed, we can work with you to manage the fallout, identify key learnings and reassess and uplift systems to minimise the risk of recurrence. 

How can we help?

Our team can assist with:

  • Post incident reviews – conducting incident post-mortems, reports on findings and making practical recommendations for improvement, and assisting with ongoing risk mitigation
  • Uplift – working with internal teams to ensure uplift commitments are communicated, tracked and implemented
  • Liability issues – advising on third-party claims and litigation (including defending class actions and pursuing claims against insurers)
  • Investigations – helping to respond to regulator enquiries and formal investigations, and other engagement with regulators and law enforcement
  • Internal issues – advising on issues relating to malicious insider activity
  • Training – providing training (including for boards, senior executives and incident response teams)
  • Scenarios and simulations – developing and facilitating tailored cyber incident simulation/scenarios for incident response teams, senior management and/or the board.
Class action risk

Data breach class actions are now high risk for consumer-facing organisations that experience a data breach that impacts a large number of customers. The likely introduction of a direct right of action for a breach of the Privacy Act—making it easier for these claims to be brought—will only increase this risk.

How can we help?

Our team can assist with:

  • Risk management – implementing risk minimisation options before proceedings commence, identifying and managing potential regulatory and other contagion exposures, and protecting your business against reputational risks
  • Defence strategy – developing defence strategies canvassing legal and factual matters, and designing innovative options for commercial resolution
  • Proceedings – establishing effective lines of communication and cost-effectively managing the conduct of the proceedings.
Related cyber and data matters

How can we help?

Our team also advises on information security issues in the context of commercial transactions and other business activities, including:

  • mergers and acquisitions
  • digital transformations and procurements
  • corporate and data governance processes
  • data sharing arrangements
  • consumer interactions
  • research and development
  • privacy surveillance advice and internal behavioural monitoring.


Various corporates, including large financial institutions, leading mutual banks, superannuation funds, an insurer, a multinational resources company, a global energy company, and an FMCG business

Advising on their whole-of-group cyber risk management and cyber incident readiness projects.

Various corporates, including large financial institutions, a major telecommunications company, a global gaming company, a managed service provider, a global medical company, a multinational logistics company, PE portfolio companies, and a major hospitality company

Advising on their responses to ransomware and data theft extortion attacks, including on their engagement with breach response experts, insurers, regulators, law enforcement and government agencies, as well as on their notification strategies, market disclosures, data assessments, remediation efforts and third-party claims.

Large financial institutions, superannuation funds and insurers

Advising on cybersecurity compliance assessments and uplifts, including in relation to CPS 234 (Information Security) and draft CPS 230 (Operational Risk Management), and on security of critical infrastructure uplift projects.

Several highly-regulated companies

Advising on their responses to regulator (including OAIC and ACMA) investigations into their data handling practices.

Boards of various Top 50 ASX-listed companies

Advising on cyber risk management, incident response and crisis management, data governance, and related regulatory investigations.

Various corporates, including large financial institutions, superannuation funds, a currency exchange company and others

Providing assistance in satisfying underwriters of cyber resilience at policy renewal and inception, and advising on:

  • negotiation of policy terms with brokers and insurers
  • cyber insurance policy requirements, limits and exclusions
  • claims under cyber liability insurance.