Information
Cyber security is now a serious concern for many types of businesses. We advise boards and organisations on cyber resilience.
We support clients around the entire NIST Cyber Security Lifecycle: (1) advice on proactive cyber security resilience (identify and protect); (2) reactive incident response (detect, respond and recover); and (3) transactional – cyber security warranties in supply chains, customer agreements and acquisition agreements (identify and protect).
While it’s not possible to protect against every risk, every business can improve cyber resilience and become a harder target for attackers.
Working with cyber security consultants and in-house teams, we support clients when they carry out risk assessments. We advise on internal policies and contractual protections regarding key suppliers and customers.
We have experience in incident response and we tailor support based on a client’s own capabilities and resources.
Drawing on our technical and data knowledge, we provide full transactional support to businesses around cyber security and data protection.
Highlights
Advising an online retailer in relation to the fallout from a white-hat hacker publishing details of a security vulnerability in an Application Programming Interface servicing its mobile apps. This included advising on strategy, notification of the Information Commissioner’s Office, preparing a detailed report of the incident and drafting communications to affected customers and press releases
Advising a FTSE 100 company on whether to notify the ICO or not following a data breach involving the theft of laptops
Advising a client on a phishing attack that caused one of its clients to make payment into a bank account controlled by the attacker
Key contracts / services
Drafting internal policies around cyber security and cyber resilience
Transactional support to address cyber security risks and obligations with key suppliers and customers
Incident support including declaring an incident, containment, investigation and categorising the incident
Keeping a log of any incidents and investigations
If the incident relates to personal data, advising on whether to notify the ICO and drafting an appropriate notification
Advice on notification under Article 34 GDPR
Post incident review and reporting