Cyber Risk Services

Small lapses in security trigger large incidents, which means all organisations can be vulnerable to a significant attack; malware from a “known” sender; poor access management, governance, assurance, contractual performance behaviours of employees and third parties that result in significant challenges for organisations across various phases.

How we can help you by providing end-to-end advice

We support our clients with pragmatic advice, gained through real-world experience navigating cyber incidents, data breaches, ransomware events and high impact crises.

We provide end-to-end advice through a combination of legal, risk advisory and program delivery teams.

Ashurst Legal

Our legal governance and data breach teams have experience advising on legal and regulatory requirements, such as directors duties and privacy, arising from a variety of cyber threats. In the event of a cyber incident, we provide in depth advice across regulatory investigation and litigation support. In transactions, we cover the full spectrum of legal and risk in due diligence.

Ashurst Risk Advisory - Consulting

We have unique insights that can improve how organisations prepare for and respond to high impact cyber incidents, at an executive and board level. We have deep expertise in developing strategic cyber risk programs to build cyber resilience, testing executive level readiness and cyber Board reporting and governance. Our incident response expertise, which includes crisis management, risk support and complaints/remediation program assistance, accelerates recovery from ransomware, data breaches and cyber-attacks.

Ashurst Advance - Delivery

Process, design and digital professionals specialising in the rigorous execution of forensic investigations. We use best-in-class technology to identify and analyse digital evidence to help your teams stay focused on the critical issues.

We provide end-to-end, whole of lifecycle expertise across cyber, data and privacy issues.

Our approach

We focus on cyber resilience: helping our clients understand cyber risks, building resilience, helping with incident response and remediation, and then learnings and improvements, including:

• Advice on all aspects of data protection, cyber frameworks, privacy and cyber security regulation.
• Cyber simulations & response exercises that stress test your breach response to identify any weaknesses and prepare you for worst case scenarios.
• Cyber incident methodology designed to ensure a holistic understanding of root cause, response, impact and recovery, and implement lessons learnt.
• A first point of call, in the instance of an attack and/or data breach, including support through all phases of Respond and Recover.
• Evidence, throughout the recovery process, of a cyber incident to enable root cause analysis and investigation required by shareholders and regulators.
• Forensic advisory recommendations that are clearly prioritised to enable efficient implementation and tracking.

Our experience

1. Prepare

• Advised a telco on directors duties and best practice cyber board reporting, governance and strategic planning.
• Advised a bank on coverage for cyber risks under cyber, professional indemnity, crime and directors and officers liability insurance policies, and negotiating extensive changes to the cyber policy with insurers.
• Advised an energy company on a range of privacy and data regulatory matters, including advice on data breaches and privacy compliance, support for regulatory change projects, and advice in relation to the new laws, regulations and standards.
• Advised a bank, conducting scenario planning workshops and an overview of events that may threaten the viability of the business and facilitating crisis exercises, exercising enterprise level crisis scenarios, preparing a report summarising learnings and actions including proposed amendments to playbooks.
• Assessed data regulatory obligations and creation of policies and procedures for fast and effective management of and response to, privacy/data breach incidents for an Australian State Government.
• Conducted post incident data quality/profiling, data lineage and data flow analysis of impacted systems, to assess pre-incident governance coverage for a telco.

2. Respond

• Provided an immediate “boots on the ground” response to a major ransomware and data exfiltration incident at a major bank. Our legal and advisory teams provided advice and response coordination at the board level, and engagement with relevant teams and stakeholders in a time-critical situation.
• Acted in response to a notice to produce documents from a regulator for an education provider.
• Provided advice to major clients on directors & officers insurance, cyber insurance and warranty and indemnity insurance.

3. Recover

• Conducted detailed review of Business Continuity Plans for an Australian State Government, including IT Disaster Recovery. Interviewed executive team and conducted management workshops to design future operating model.
• Coordinated a specialist forensic investigation and provided a summary of the investigation and recommendations into the ransomware attack, which had resulted in data exfiltration. We coordinated several external specialist cyber providers and consolidated and prioritised all findings. Reviewed ensuing cyber security uplift program to ensure it met industry standards.
• Provided advice to major clients on directors & officers insurance, cyber insurance and warranty and indemnity insurance.
• Advised a real estate corporate on cyber fraud; liaising with police authorities to gather evidence.
• Represented a bank in relation to a series of cyber fraud incidents involving the transfer of millions of dollars to Middle Eastern countries.
• Provided a strategy for engaging with the Ombudsman and developed supporting materials for a client. Developed a complaints methodology, provided road map and project planning support. Undertook cohort analysis – approach and composition, and provided operational planning.