Risk Advisory
Cyber
Ready for a new approach to cyber readiness and response? We help our clients build cyber resilience and effective cyber risk management.
Search our peopleCyber security is now top of the Board agenda
The trajectory of regulation is only shifting accountability for cyber, privacy and data in one direction. Alongside rapid changes in the use of technology and the capabilities of threat actors and cyber criminals, our clients recognise they need a new approach to cyber readiness and response. We bring in-the-field experience advising leadership teams and Boards in moments of acute cyber crisis.
Our pragmatic advice comes from our hands-on Boardroom experience in navigating cyber incidents, data breaches, ransomware events and high impact crises including the recent high profile cyber-attacks in Australia, UK and Europe.
We help our clients build sustainable cyber defences, based on a clear understanding of their obligations and on the underlying threat environment. We improve cyber readiness through our whole of lifecycle expertise across cyber, data governance and privacy issues through a combination of legal, Risk Advisory and Ashurst Advance programme delivery teams. We partner with our clients to help them be cyber resilient, forecasting cyber risks, building operational resilience and delivering on long term cyber remediation and recovery objectives.
Legal services
Advising on legal and regulatory requirements, such as data and privacy breaches, and providing advice across regulatory investigation and litigation support.
Risk Advisory
Helping to prepare for and respond to high impact cyber incidents, including strategic cyber risk programmes to build cyber resilience, testing executive level readiness and cyber Board reporting and governance.
Ashurst Advance
Using best-in-class technology to identify and analyse digital evidence to help organisations stay focused on the critical issues.
Our approach
We focus on cyber resilience: helping our clients understand cyber risks, building resilience, helping with incident response and remediation, and then learnings and improvements in the recovery phase.
We provide end-to-end, whole of lifecycle expertise across cyber, data and privacy issues.
Prepare
- Cyber strategy, risk management and governance
- Board reporting, governance and director duties
- Risk assessment, strategy and roadmap planning
- Incident response and crisis management planning
- Ransomware advice
- Investigation and remediation
- Cyber insurance
- Negotiating specialist cyber agreements
- Third-party cyber risk management
Respond
- Crisis management and incident response
- Regulatory investigation
- Government inquiries
- Complaints management and Ombudsman support
- Managing multiple forensic investigation
- E-Discovery preparation
- Insurance management
Recover
- Disaster recovery
- Implementing post-incident reports
- Controls and systems uplift
- Managing ongoing litigation
- Ongoing regulatory management
- Complaints resolution
Case Studies
Insurance organisation: Principal adviser to the CEO and Board of a large Australian medical insurance company that had suffered a high profile ransomware attack. We acted as the strategic adviser on all matters of the crisis, including, communications and stakeholder management, customer wellbeing, the forensic investigation, communications with the threat actor, liaison with law enforcement, the scope of post incident reporting and the long term strategy to recover brand and reputation.
Telecommunications industry: Advising an Australian telecommunications company that had suffered a high profile data breach including advising on regulatory notifications and responding to requests from the regulator, stakeholder communications, customer wellbeing, data governance, responding to the ransom demand and liaison with law enforcement, and managing all aspects of forensic and post incident reporting.
Global UK listed manufacturing company: Advising a global company on its response to a significant ransomware attack that impacted its entire global information technology and operational technology environment across 22 jurisdictions around the world. Our advice included responding to regulatory notifications across multiple jurisdictions, the operations of the crisis management team, advising on forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals and post incident reporting.
Australian superannuation (pension) fund: Advising an Australian superannuation fund that involved completing a review of crisis management plans and protocols, and cyber incident response playbooks, conducting Board training and refining the role of the Board, and delivering a series of desktop and simulation incidents to improve awareness and capabilities across the leadership team in responding to a high impact cyber-attack and data breach.
State-owned energy company: Advising a state owned energy company on its response to a significant ransomware attack that impacted its entire corporate IT environment, including advising on regulatory notifications, the operations of the crisis management team, forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals. We also supported the establishment of a cyber steering committee and reported monthly, on an ongoing basis, to the Board on remediation objectives and milestones, as an independent expert.
A generational change in privacy regulation in Australia
We draw on Ashurst's combined legal and risk advisory expertise to help organisations keep pace with the evolving Privacy Act reforms and the actions they can take to position themselves for success.
Learn more about privacy reform in AustraliaSharing our insights
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.
-
Business Insight Australia's blueprint for privacy reform–what you need to do today
01 Nov 2023
Discover more -
Business Insight Typhoon Warning: an urgent cyber warning from international cyber agencies
29 May 2023
Discover more -
Legal development Anti-money laundering compliance - what does the FCA expect in 2023
16 Jan 2023
Discover more -
Business Insight Mandatory cyber incident reporting now live for Australias critical infrastructure
19 Jul 2022
Discover more -
Business Insight Preparing for data and disclosure demands in the age of a net zero Australia
18 Jul 2022
Discover more