Cyber security is now top of the Board agenda.
The trajectory of regulation is only shifting accountability for cyber, privacy and data in one direction. Alongside rapid changes in the use of technology and the capabilities of threat actors and cyber criminals, our clients recognise they need a new approach to cyber readiness and response. We bring in-the-field experience advising leadership teams and Boards in moments of acute cyber crisis.
Our pragmatic advice comes from our hands-on Boardroom experience in navigating cyber incidents, data breaches, ransomware events and high impact crises including the recent high profile cyber-attacks in Australia, UK and Europe.
We help our clients build sustainable cyber defences, based on a clear understanding of their obligations and on the underlying threat environment. We improve cyber readiness through our whole of lifecycle expertise across cyber, data governance and privacy issues through a combination of legal, risk advisory and Ashurst Advance programme delivery teams. We partner with our clients to help them be cyber resilient, forecasting cyber risks, building operational resilience and delivering on long term cyber remediation and recovery objectives.
Advising on legal and regulatory requirements, such as data and privacy breaches, and providing advice across regulatory investigation and litigation support.
Helping to prepare for and respond to high impact cyber incidents, including strategic cyber risk programmes to build cyber resilience, testing executive level readiness and cyber Board reporting and governance.
Using best-in-class technology to identify and analyse digital evidence to help organisations stay focused on the critical issues.
We focus on cyber resilience: helping our clients understand cyber risks, building resilience, helping with incident response and remediation, and then learnings and improvements in the recovery phase.
We provide end-to-end, whole of lifecycle expertise across cyber, data and privacy issues.
- Cyber strategy, risk management and governance
- Board reporting, governance and director duties
- Risk assessment, strategy and roadmap planning
- Incident response and crisis management planning
- Ransomware advice
- Investigation and remediation
- Cyber insurance
- Negotiating specialist cyber agreements
- Third-party cyber risk management
- Crisis management and incident response
- Regulatory investigation
- Government inquiries
- Complaints management and Ombudsman support
- Managing multiple forensic investigation
- E-Discovery preparation
- Insurance management
- Disaster recovery
- Implementing post-incident reports
- Controls and systems uplift
- Managing ongoing litigation
- Ongoing regulatory management
- Complaints resolution
Insurance organisation: Principal adviser to the CEO and Board of a large Australian medical insurance company that had suffered a high profile ransomware attack. We acted as the strategic adviser on all matters of the crisis, including, communications and stakeholder management, customer wellbeing, the forensic investigation, communications with the threat actor, liaison with law enforcement, the scope of post incident reporting and the long term strategy to recover brand and reputation.
Telecommunications industry: Advising an Australian telecommunications company that had suffered a high profile data breach including advising on regulatory notifications and responding to requests from the regulator, stakeholder communications, customer wellbeing, data governance, responding to the ransom demand and liaison with law enforcement, and managing all aspects of forensic and post incident reporting.
Global UK listed manufacturing company: Advising a global company on its response to a significant ransomware attack that impacted its entire global information technology and operational technology environment across 22 jurisdictions around the world. Our advice included responding to regulatory notifications across multiple jurisdictions, the operations of the crisis management team, advising on forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals and post incident reporting.
Australian superannuation (pension) fund: Advising an Australian superannuation fund that involved completing a review of crisis management plans and protocols, and cyber incident response playbooks, conducting Board training and refining the role of the Board, and delivering a series of desktop and simulation incidents to improve awareness and capabilities across the leadership team in responding to a high impact cyber-attack and data breach.
State-owned energy company: Advising a state owned energy company on its response to a significant ransomware attack that impacted its entire corporate IT environment, including advising on regulatory notifications, the operations of the crisis management team, forensic recovery, communications and stakeholder management, e-discovery and data analytics, privacy risk assessments and notifications to individuals. We also supported the establishment of a cyber steering committee and reported monthly, on an ongoing basis, to the Board on remediation objectives and milestones, as an independent expert.
Sharing our insights
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.
Enforcement of the reportable situations regime – Are you ready?
28 Nov 2023Discover more
Australia's cyber strategy – a bold regulatory reform agenda
24 Nov 2023Discover more
Australia's blueprint for privacy reform–what you need to do today
01 Nov 2023Discover more
ASIC warns directors to address third-party cyber risk or face enforcement action
19 Oct 2023Discover more
Ashurst response to the 2023 – 2030 Australian Cyber Security Strategy Discussion Paper
19 Sep 2023Discover more
AI and IP: Copyright – the wider picture and practical considerations for businesses
12 Sep 2023Discover more
Quality of Advice Review
31 May 2023Discover more
Typhoon Warning: an urgent cyber warning from international cyber agencies
29 May 2023Discover more