Cyber Security

Security of information is essential for the successful conduct of business, and protection of value and reputation. Cybercriminals are constantly seeking to exploit the value of this information for their own purposes, and are adopting ever changing and more sophisticated techniques to do so – often relying on a combination of weaknesses with systems and people. In addition to being exposed to losses from cybercrime incidents, businesses are exposed to regulatory action and significant penalties, as well as claims from affected individuals.

We understand the devastating impact a cyber incident can have on a business, its staff and its customers. Our team encourages and assists clients to take a proactive approach to the minimisation of cyber risk, but is also well placed to assist if a cyber security breach does occur.

Drawing on the experience of several practice areas, our Cyber Team led by partner Andrew Shute, has a deep understanding of the legal issues surrounding data privacy, cyber security breaches and the growing threat of cybercrime.  We can help your business navigate the complex and constantly evolving cyber security landscape, with our team holding expertise in the following:


Recognised Expertise

Front end legal services, including risk management strategies and advice

Our knowledge of relevant legal obligations, and our broad experience with cyber incidents, enables us to advise in relation to compliance with the Privacy Act 1988 (including drafting privacy policies and data breach response plans), draft contractual clauses for allocating cyber risk, review third party supplier contracts, and provide training to assist you to comply with your obligations.

Cyber insurance 

Our Cyber Team includes specialist insurance partners Michael Gapes in Brisbane, Michael Bath in Sydney and Ben Hall in Melbourne. We work closely with insureds, insurers, underwriters, brokers and risk managers across all cyber risks, including ransomware, unauthorised disclosure of personal data or information, business interruption and denial of service attacks.

Incident Response

We are experienced in assisting our clients to manage and respond to cyber incidents. We work with them to ensure that the data breach response plan is implemented effectively, to manage internal and external communications and take steps to establish and maintain client legal privilege, to contain and assess any breach (including liaising with IT experts and managing the efficient review of compromised information), to consider and take any remedial action, to understand and seek to minimise risks to the business, customers and individuals, and to make appropriate notifications.

Employment-related issues

We appreciate that cyber incidents can often be caused by the intentional or unintentional conduct of employees or contractors. In addition, cyber incidents may involve the compromise of sensitive personal information of staff. Our Workplace Advisory partner Lara Radik, and her team, are able to provide the full range of legal services required in managing employment-related issues in the context of such incidents.

Litigation, including recovery actions

Our Cyber Team is experienced in advising in relation to and assisting with, litigated claims for the recovery of losses sustained as a consequence of cyber incidents - in particular, losses arising from Business Email Compromise (BEC) in which both the payor and the intended payee may be victims.

Publications and Presentations