End-to-end cyber incident support - CS Energy

CS Energy faced a significant challenge when a ransomware attack compromised its entire corporate network, posing severe risks to operations, data integrity, and regulatory compliance. Immediate priorities included managing legal implications, ensuring regulatory compliance, navigating contractual obligations, and replacing its ICT managed services provider following vulnerabilities exposed by the breach.

Our solution

Ashurst adopted a comprehensive, multidisciplinary approach to support CS Energy through this crisis. Our key actions included:

• Legal response and risk management: advising on legal and contractual obligations, guiding privacy compliance and coordinating with relevant authorities.
• Crisis management and strategic support: providing strategic advice to manage the immediate fallout of the attack and strengthen the cybersecurity posture.
• Regulatory compliance and data retention: reviewing data-retention practices against the Security of Critical Infrastructure Act, identifying compliance gaps and recommending enhancements.
• Replacement of IT vendors: managing the termination of existing contracts and guided procurement and negotiation of new vendor arrangements.
• Cyber insurance claims management: assisting in understanding whether its insurance would cover the incident.

• eDiscovery and data breach notifications: analysing information potentially accessed during the attack and assisted with data breach notifications to affected individuals, by leveraging our Ashurst Advance team.

Client outcome

Ashurst's support enabled CS Energy to meet all regulatory obligations, minimise legal risks, manage the replacement of critical IT vendors, and improve its cybersecurity resilience. CS Energy emerged stronger, with enhanced systems and processes to safeguard against future cyber threats.