We are a dedicated cyber risk and insurance practice serving organisations of all sizes and their cyber insurers.

Our goal is to be a trusted adviser called upon when an organisation is addressing cyber-related risk, preparing for a potential cyber incident, responding to an incident, or is considering its cyber insurance position.

If a cyber incident eventuates, we can assist you with all aspects of the response including engaging all necessary vendors, advising on the regulatory framework and working with your cyber insurer.

Our level of involvement is guided by you. We can act as the incident response manager (sometimes called a breach coach) managing the entire process, or your legal adviser addressing specifically the regulatory and notification issues.

We partner with leading vendors across the entire cyber industry including cybersecurity/IT forensic experts, public relations and communication consultants, data review and ID theft specialists, credit monitoring and notification experts, forensic accountants, and international law firms, to ensure any cyber risk exposure or incident is addressed and responded to appropriately and efficiently.

We also have strong relationships with the leading cyber insurance brokers and insurers.  Our insurance expertise enables us to work seamlessly with your broker and insurer, their vendor panel and within their costs guidelines.

We specialise in cyber resilience services.

We know that if you suffer a cyber incident, getting back to business as usual quickly is paramount. This requires strong cyber resilience, being your organisation’s ability to detect, manage and recover from a cyber incident.

We can support your organisation with each component of its cyber resilience:

• Detect: We assist organisations with understanding their unique cyber-related risk through cybersecurity penetration testing, incident planning, ‘tabletop’ exercises and staff training, and regulatory advice.
• Manage: We manage cyber incidents for organisations and their insurers, from the initial forensic investigation and data review, to notifying regulators, authorities and stakeholders, engaging all necessary vendors and providing relevant legal advice.
• Recover: We help organisations with getting back to business as usual after a cyber incident, including system recovery, cybersecurity upgrades, forensic reviews of business interruption, or third party claims.

We also advise organisations and insurers regarding insurance coverage of cyber incidents, from the costs incurred in responding to an incident to business interruption financial loss.  We also help organisations and their brokers when purchasing cyber insurance.

We also act for organisations in litigated cyber claims whether as the claimant or defendant, or for the subrogated insurer in recovery actions.

Sydney partner and Cyber Risk specialist Jason Symons has advised on the following recent projects:

• Advising travel company that suffered a ransomware attack including engaging IT forensic expert to review the compromise, correspond with the third party actor regarding the ransom and decryption of data, and the subsequent recovery of system and betterment of cybersecurity.
• Advising consultancy firm that suffered a significant data breach and invoice payment frauds involving a complex data review, advising on multiple notifications to the Office of the Australian Information Commissioner (OAIC) and stakeholders, and responding to a third party claim.
• Advising advisory firm regarding a business email compromise of 10 years of email data including client contact and investment data, which involved working with the OAIC in relation to notifying clients of the incident and assisting them with potential identify theft.
• Advising London underwriter and Australian agency in relation to claim by insured following payment of fraudulent invoices issued by a client that had been compromised by a third party actor including issues relating to coverage and representations made by the insured during the underwriting process relating to cyber risk training.
• Advising Australian cyber insurer regarding a new cyber product and policy wording including advising on privacy regulation and the data breach notification scheme.