Cyber risk & resilience

Overview

Our Cyber Risk & Resilience team is at the forefront of data protection, cyber risks and privacy law. Our team advises clients on all aspects of Australian data protection and privacy law, and assists them to understand their obligations to manage and mitigate these risks.

The work of our Cyber Risk & Resilience team extends from the initial stage of working with third party providers for the procurement of services and, through training with boards for round table simulations, to assisting businesses with their response to a cyber incident.

We also work with insurance industry participants, including London and Australian insurers and underwriters, by providing coverage advice, managing cyber breach responses and drafting cyber policy wording. 

We work with clients to:

• Update relevant policies and response plans.
• Prepare escalation and decision trees.
• Review and update privacy and data collection policies and procedures.
• Ensure procurement compliance with ISO and Privacy Act requirements.
• Respond to cyber incidents.
• Prepare cyber security and cyber resilience plans.
• Develop digital governance frameworks. 
• Undertake digital risk assessments.
• Provide training and table top simulations.

Our team is across regulatory updates, and changing expectations on cyber security. They assess the implications and help clients understand how best to prepare for what lies ahead. 

Our team has eased the stress and distraction of cyber incidents and data breaches for hundreds of companies and individuals by guiding their decisions and actions in a way that leads to prompt system recovery and reduces exposure.

Responding to cyber security requires a multi-disciplinary approach. We work with media relations consultants, forensic IT consultants, data review and ID theft specialists, credit monitoring and notification experts and other experts to ensure clients have access to the full range of expertise needed when confronted with a cyber or data breach incident.

Through contact with members of our team, or our cyber claims notification hotline 1300 4 BREACH (1300 427 3224) we help clients:

• Triage the cyber attack.
• Manage the appointment of forensic IT consultants and other experts if necessary, and ensure the breach source is identified, quarantine and remediated.
• Advise on reporting requirements under the Security Legislation (Critical Infrastructure Protection) Act and, if needed, under the Australia Financial Services Licensee obligations. 
• Advise on cyber insurance and other policies for coverage, and consider potential third-party claims.
• Obtain court injunctions restricting the release of confidential information. 
• Address possible claims particularly regarding ransomware attacks, data breaches and system outages; including third party recoveries.

We act for many underwriters as notification agents and experts in our insurance team have been at the forefront of developing cyber policy wording in many insurance products.

Our team has been consistently recognised for its award-winning work, including nominations and awards in the cyber security sector. This affirmed the practice's growing strength and reputation in cyber security, a field of increasing importance to our clients and the wider community.