Risk Advisory

Cyber

Ready for a new approach to cyber readiness and response? We help our clients build cyber resilience and effective cyber risk management.

Search our people

Cyber security is now top of the Board agenda

The trajectory of regulation is only shifting accountability for cyber, privacy and data in one direction. Alongside rapid changes in the use of technology and the capabilities of threat actors and cyber criminals, our clients recognise they need a new approach to cyber readiness and response. We bring in-the-field experience advising leadership teams and Boards in moments of acute cyber crisis.

Our pragmatic advice comes from our hands-on Boardroom experience in navigating cyber incidents, data breaches, ransomware events and high impact crises including the recent high profile cyber-attacks in Australia, UK and Europe.

We help our clients build sustainable cyber defences, based on a clear understanding of their obligations and on the underlying threat environment. We improve cyber readiness through our whole of lifecycle expertise across cyber, data governance and privacy issues through a combination of legal, Risk Advisory and Ashurst Advance programme delivery teams. We partner with our clients to help them be cyber resilient, forecasting cyber risks, building operational resilience and delivering on long term cyber remediation and recovery objectives.

Legal services

Legal services

Advising on legal and regulatory requirements, such as data and privacy breaches, and providing advice across regulatory investigation and litigation support.

Risk Advisory

Risk Advisory

Helping to prepare for and respond to high impact cyber incidents, including strategic cyber risk programmes to build cyber resilience, testing executive level readiness and cyber Board reporting and governance.

Ashurst Advance

Ashurst Advance

Using best-in-class technology to identify and analyse digital evidence to help organisations stay focused on the critical issues.

Our approach

We focus on cyber resilience: helping our clients understand cyber risks, building resilience, helping with incident response and remediation, and then learnings and improvements in the recovery phase.

We provide end-to-end, whole of lifecycle expertise across cyber, data and privacy issues.

Prepare

  • Cyber strategy, risk management and governance
  • Board reporting, governance and director duties
  • Risk assessment, strategy and roadmap planning
  • Incident response and crisis management planning
  • Ransomware advice
  • Investigation and remediation
  • Cyber insurance
  • Negotiating specialist cyber agreements
  • Third-party cyber risk management

Respond

  • Crisis management and incident response
  • Regulatory investigation
  • Government inquiries
  • Complaints management and Ombudsman support
  • Managing multiple forensic investigation
  • E-Discovery preparation
  • Insurance management

Recover

  • Disaster recovery
  • Implementing post-incident reports
  • Controls and systems uplift
  • Managing ongoing litigation
  • Ongoing regulatory management
  • Complaints resolution

Case Studies

Insurance organisation: Principal adviser to the CEO and Board of a large Australian medical insurance company that had suffered a high profile ransomware attack. We acted as the strategic adviser on all matters of the crisis, including, communications and stakeholder management, customer wellbeing, the forensic investigation, communications with the threat actor, liaison with law enforcement, the scope of post incident reporting and the long term strategy to recover brand and reputation.

Telecommunications industry: Advising an Australian telecommunications company that had suffered a high profile data breach including advising on regulatory notifications and responding to requests from the regulator, stakeholder communications, customer wellbeing, data governance, responding to the ransom demand and liaison with law enforcement, and managing all aspects of forensic and post incident reporting.

Global UK listed manufacturing company: Advising a global company on its response to a significant ransomware attack that impacted its entire global information technology and operational technology environment across 22 jurisdictions around the world. Our advice included responding to regulatory notifications across multiple jurisdictions, the operations of the crisis management team, advising on forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals and post incident reporting.

Australian superannuation (pension) fund: Advising an Australian superannuation fund that involved completing a review of crisis management plans and protocols, and cyber incident response playbooks, conducting Board training and refining the role of the Board, and delivering a series of desktop and simulation incidents to improve awareness and capabilities across the leadership team in responding to a high impact cyber-attack and data breach.

State-owned energy company: Advising a state owned energy company on its response to a significant ransomware attack that impacted its entire corporate IT environment, including advising on regulatory notifications, the operations of the crisis management team, forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals. We also supported the establishment of a cyber steering committee and reported monthly, on an ongoing basis, to the Board on remediation objectives and milestones, as an independent expert.

image

A generational change in privacy regulation in Australia

We draw on Ashurst's combined legal and risk advisory expertise to help organisations keep pace with the evolving Privacy Act reforms and the actions they can take to position themselves for success.

Learn more about privacy reform in Australia

Sharing our insights