Cyber Security

Cyber security has emerged as one of the most critical risks facing Australian businesses. With cyber incidents occurring at increasing frequency and severity, organisations are under growing regulatory and public scrutiny. In this environment, businesses must not only protect their digital assets but also demonstrate robust governance and compliance with an increasing number of legal obligations.

We understand that managing cyber risk requires more than just technical solutions – it demands a strategic, multidisciplinary approach that integrates legal, regulatory, and operational expertise.

24/7 cyber incident hotline

Our Cyber team is available to assist with a 24/7 cyber incident hotline. Contact our team:

View all team members Related insights

Our Cyber service offering

We have a leading team that offer a comprehensive suite of legal services designed to help clients build cyber resilience, respond effectively to incidents, and meet their regulatory obligations.

  • Board-level guidance on cyber risk oversight
  • Strategic risk assessments and maturity reviews
  • Regulatory compliance with requirements of the OAIC, ASIC, APRA, and other bodies
  • Development and review of internal cyber policies
  • Incident response and business continuity plans and preparedness, including cyber incident simulations
  • Third-party risk management and vendor assessments
  • Legal support and strategic advice during and after a cyber breach
  • Coordination with forensic, insurance, public relations and technology experts
  • Notification obligations and stakeholder communications
  • Defence and representation in regulatory investigations and actions
  • Litigation and claims involving service providers arising from data breaches or cyber incidents
  • Privacy complaints and claims by affected individuals

Cyber Security

Our experience

  • A payroll software provider Advising on response to a ransomware attack requiring notification of over 80,000 individuals, including complex data review, engagement with corporate customers across many industries, coordinating multi-party data breach obligations, engagement with the OAIC and ATO and resolving third party liability claims.
  • A credit union Advising on regulatory obligations arising out of a business email compromise including on AFSL and credit licensee reporting obligations to ASIC, reporting obligations to APRA and privacy notifications to the OAIC and affected individuals.
  • A not-for-profit community services organisation Advising on a ransomware attack including advising on forensic investigation, large scale data review and harm assessment, data breach notification and other regulatory obligations, stakeholder management and PR/media management.
  • Numerous medical practices and medical professionals Advising on cyber incidents and data breach notifications involving medical practitioners and clinics, including where impact to health information and engaging with the Australian Digital Health Agency.
  • The directors of a health sector services company Providing advice on their directors’ duties regarding the company’s incident response after a large-scale incident impacting over 1 million individuals.
  • A professional services firm Advising on incident response framework, cyber insurance coverage and ransom payment considerations.
  • An ASX listed advisory and technology services provider Advising on implications of a cyber incident during an M&A transaction, including amendments to share sale and purchase deed and insurance coverage.
  • A financial institution Advising on cyber liability and cyber insurance clauses in contract with software services provider including as to potential losses and adequacy of provider’s cyber insurance coverage.