Andrew Miers
Andrew Miers is a risk and claims adviser with a specialist focus on cyber security, online content and other digital and technology risks.
Andrew is recognised for his market leading expertise in cyber security risks. He has handled many cyber incidents, data breaches and related claims, assisting a variety of businesses in responding to incidents. This includes incidents involving ransomware, phishing emails, business email compromises, false payment directions, human error breaches and privacy breaches, including numerous high profile and sensitive matters. He has assisted clients in reporting to regulators, both the OAIC as privacy regulator, as well as other regulators such as ASIC, APRA and industry specific regulators.
Andrew has been at the forefront of the emerging cyber insurance market for over a decade, advising insurers on the evolving legal and regulatory landscape for cyber risk, and assisting insurers to develop insurance policy wordings to cover these new risks. He is appointed to a number of insurers’ cyber breach and incident response panels.
Andrew is a sought after industry speaker on cyber risks and insurance and is widely published as a thought leader in the field. He was named in 2021 as one of Australasian Lawyer’s inaugural 5-Star Cyber Lawyers.
Andrew also practices in media and technology liability claims, often on instructions from insurers for their insured risks but also acting directly for government and corporate clients. He has acted in matters involving defamation, social media and other online content, privacy, intellectual property infringement and claims against IT service providers.
Andrew also has a background in insurance for professional and executive risks, acting on claims and litigation involving a variety of professionals and directors and officers. He has been named in Best Lawyers™ Australia for Insurance Law and has been listed by Doyle’s Guide as a recommended leading Professional Indemnity Lawyer.
Experience
Andrew’s experience includes acting for:
- A charitable community services organisation to respond to a ransomware attack involving access to unstructured sensitive personal data including forensic investigation, data review and harm assessment, data breach notification, media management and engaging identity theft counselling services;
- A software as a service provider in a significant ransomware attack including complex data review, engagement with corporate customers, coordinating multi-party data breach obligations, engagement with various regulators and government agencies including OAIC and ATO;
- A client Management System platform provider in large scale data exfiltration incident involving data posted on deep web forum, including advising on data breach and other regulatory obligations and engagement with corporate and government clients;
- An aged care provider following a ransomware attack on its external cloud data holder including large data review and data breach notification, including managing process of notifications to individuals and incoming calls and complaints;
- A publicly listed retailer on data breach notification and continuous disclosure obligations following ransomware incident with unauthorised access into, and encryption of, a back office PC containing 75,000 customer records, including coordinating large scale customer communication exercise;
- A wealth management advisory firm on a business email compromise incident including advising on liability for funds transferred from client’s accounts, forensic investigation, review of whether personal information was compromised and advising on reporting obligations to the OAIC and ASIC;
- A state government agency on potential data breach issues following a business email compromise;
- Insurers of a private equity firm in a large claim involving alleged breach of warranties and misleading or deceptive conduct in connection with a share sale agreement. Involved advising on D&O, PI and Warranty & Indemnity insurance;
- Numerous insurers on insurance coverage issues arising out of cyber claims including advice in relation to business interruption losses, claims for recovery and remediation costs, social engineering losses and ‘silent cyber’ exposures under traditional insurance policies;