Information

Cyber security is now a serious concern for many types of businesses. We advise boards and organisations on cyber resilience.

We support clients around the entire NIST Cyber Security Lifecycle: (1) advice on proactive cyber security resilience (identify and protect); (2) reactive incident response (detect, respond and recover); and (3) transactional support: cyber security warranties in supply chains, customer agreements and acquisition agreements (identify and protect).

While it’s not possible to protect against every risk, every business can improve cyber resilience and become a harder target for attackers.

Working with cyber security consultants and in-house teams, we support clients when they carry out risk assessments. We advise on internal policies and contractual protections regarding key suppliers and customers.

We have experience in incident response and we tailor support based on a client’s own capabilities and resources.

Drawing on our technical and data knowledge, we provide full transactional support to businesses around cyber security and data protection.

Highlights

  • Advising an online retailer in relation to the fallout from a white-hat hacker publishing details of a security vulnerability in an Application Programming Interface servicing its mobile apps. This included advising on strategy, notification of the Information Commissioner’s Office, preparing a detailed report of the incident and drafting communications to affected customers and press releases

  • Advising a FTSE 100 company on whether to notify the ICO or not following a data breach involving the theft of laptops

  • Advising a client on a phishing attack that caused one of its clients to make payment into a bank account controlled by the attacker

Key contracts / services

  • Drafting internal policies around cyber security and cyber resilience

  • Transactional support to address cyber security risks and obligations with key suppliers and customers

  • Incident support including declaring an incident, containment, investigation and categorising the incident

  • Keeping a log of any incidents and investigations

  • If the incident relates to personal data, advising on whether to notify the ICO and drafting an appropriate notification

  • Advice on notification under Article 34 GDPR

  • Post incident review and reporting

Who to contact

Nic Ruesink-Brown

nic.ruesink-brown@steerandco.com

+44 (0)7552 939153

+44 (0)117 230 9700

Steer & Co understands our business and is able to provide insightful advice that is tuned to our business needs

– Chambers and Partners 2015, ranked in Intellectual Property, South West – Leading Individual.