Cyber security is now a serious concern for many types of businesses.  We advise boards and organisations on cyber resilience.

We support clients around the entire NIST Cyber Security Lifecycle: (1) advice on pro-active cyber security resilience (identify and protect); (2) reactive incident response (detect, respond and recover); and (3) transactional – cyber security warranties in supply chains, customer agreements and acquisition agreements (identify and protect).

While it’s not possible to protect against every risk, every business can improve cyber resilience and become a harder target to attackers.

Working with cyber security consultants and in-house teams, we support clients when they carry out risk assessments. We advise on internal policies and contractual protections regarding key suppliers and customers.

We have experience in incident response and we tailor support based on a client’s own capabilities and resources.

Drawing on our technical and data knowledge we provide full transactional support to businesses around cyber security and data protection.


  • Advising an online retailer in relation to the fallout from a white-hat hacker publishing details of a security vulnerability in an Application Programming Interface servicing its mobile apps. This included advising on strategy, notification of the Information Commissioner’s Office, preparing a detailed report of the incident and drafting communications to affected customers and press releases

  • Advising a FTSE 100 company on whether to notify the ICO or not following a data breach involving the theft of laptops

  • Advising a client on a phishing attack that caused one of its clients to make payment into a bank account controlled by the attacker

Key contracts / services

  • Drafting Internal policies around cyber security and cyber resiliance

  • Transactional support to address cyber security risks and obligations with key suppliers and customers

  • Incident support including declaring an incident, containment, investigation and categorising the incident

  • Keeping a log of any incidents and investigations

  • If the incident relates to personal data, advising on whether to notify the ICO and drafting an appropriate notification

  • Advice on notification under Article 34 GDPR

  • Post incident review and reporting

Who to contact

Rebecca Steer

Rebecca Steer
+44 (0)117 230 9700
+44 (0) 7887 627063

The team at Steer & Co is highly professional and very "on the ball". Also, they get things done fast and exactly when they say they will.

– The Legal 500 2021, ranked in Intellectual Property, South West – Leading Firm

Rebecca was an excellent practitioner and gave significant insight into the market and legal practices affecting us as a Digital agency. I'd not hesitate to recommend Rebecca and her team.

– Chambers and Partners 2023, ranked in Information Technology, South West