Australia's specialist cyber law and advisory practice.
A cyber incident is not just a technology problem. It is a legal event, a regulatory exposure and a boardroom crisis — often all at once. Law & Cyber exists to protect Australian businesses when it matters most.
Led by award-winning cyber lawyer Simone Herbert-Lowe. Sydney-based. Nationally available
THE PROBLEM WE SOLVE
The stakes have never been higher.
Australian businesses face escalating threats: ransomware, data breaches, payment fraud, regulatory scrutiny and the growing personal liability of directors and officers.
The legal and regulatory landscape has moved fast. The Privacy and Other Legislation Amendment Act 2024 has strengthened enforcement. ASIC has made clear that cyber security is a board governance obligation, not a management one. The Security of Critical Infrastructure Act affects a growing number of sectors. AML/CTF Tranche 2 commences 1 July 2026.
And the threat environment is changing shape. AI-enabled deepfakes, voice cloning and targeted social engineering are now within reach of everyday criminals — not just sophisticated actors. At the same time, the obligations governing how organisations use AI — in legal proceedings, in regulated services, in client-facing contexts — are hardening fast. Courts have put their expectations in writing. Practitioners have already faced regulatory consequences. AI culture is becoming a compliance issue.
The question is not whether your organisation will face a cyber challenge — or an AI governance question. It is whether you will be prepared when you do.
WHO WE HELP
We work with the people who carry the responsibility.
Our clients are senior decision-makers who need clear, commercially grounded advice — not technical jargon.
General Counsel & Legal Teams
You carry the legal risk for your organisation. We give you the specialist cyber and privacy law expertise to advise your board, manage incidents and keep your business compliant.
Business Owners & CEOs
You are accountable for everything. We help you understand your exposure, build resilience and respond decisively when things go wrong – without the noise.
CFOs & Chief Risk Officers
Cyber risk is financial risk. We translate technical threats into commercial consequences and help you build a defensible risk posture across your organisation.
Boards & Directors
Director liability in cyber events is real and growing. We brief boards in plain language, run tabletop scenarios and help you meet your governance obligations with confidence.
Law Firms
Law firms are high-value targets. We help firms of all sizes protect client data, satisfy their professional obligations and respond effectively to cyber incidents — drawing on deep experience in the legal sector.
Financial Services
Between APRA CPS 234, AML/CTF obligations and the Privacy Act, your regulatory exposure is significant. We provide the specialist legal and advisory support your compliance and risk teams need.
THE THREE PILLARS
Three ways we protect your organisation.
-
Specialist legal advice across technology and digital law, data privacy and protection, AI governance, cyber-related disputes and contract review.
We advise businesses newly designated under AML/CTF Tranche 2 on the privacy and data compliance obligations the new regime creates. We advise law firms and other regulated professionals on their AI obligations under the Federal
Court's GPN-AI practice note and the NSW Supreme Court's SC Gen 23. When an incident occurs, we are the lawyers you want from the first hour —advising on notification obligations, regulatory engagement and legal exposure.
-
Beyond legal advice, we help organisations assess their cyber risk, build governance frameworks, prepare incident response plans and navigate the aftermath of an attack. Practical, commercially focused and tailored to your sector and risk profile.
-
We have trained over 10,000 Australians — from boards and executive teams to specialist professional cohorts across law, financial services, property, construction, sport and general business. Our online courses and in-person programs are designed to build genuine, lasting cyber awareness — not tick-a-box compliance. We also deliver a dedicated CPD-eligible session for law firms on generative AI and legal ethics — covering what the Federal Court's GPN-AI and the NSW Supreme Court's SC Gen 23 actually require, and how to build a practice culture that uses AI in a way that stands up to scrutiny.
One practice. Three capabilities. A better outcome.
Most organisations engage a law firm for legal advice and a separate provider for training. The two rarely speak to each other — which means the training does not reflect real legal risk, and the legal advice does not benefit from understanding how organisations actually fail.
At Law & Cyber, the three capabilities are deliberately integrated.
Because we advise organisations through real incidents, we know what fails in practice — and that makes our training more accurate. Because we train organisations before incidents occur, we understand the human and governance failures that create legal exposure — and that makes our advisory work more practically grounded.
You do not get that from two separate firms working independently.
What sets us apart.
Award-winning expertise
Law & Cyber is led by award-winning lawyers recognised for excellence and innovation in cyber law — with multiple industry nominations and awards including the Women in Law Awards and international recognition at RelativityFest. When you engage us, you are working with practitioners at the leading edge of this field.
10,000+ Australians trained
We have delivered cyber awareness and education to organisations across law, financial services, property, the built environment, sport, retail, boards and general business. Our training is practical, tailored and designed to create behaviour change — not just awareness.
Deep, specialist experience
Our expertise spans the full spectrum of cyber-related law — privacy, data governance, AI governance, incident response, dispute resolution and expert evidence. We understand the Australian regulatory landscape and the international obligations that increasingly affect Australian businesses.
Advising at the frontier of AI governance
AI is reshaping how Australian professionals and businesses operate — and the legal and regulatory obligations around it are moving fast. We advise businesses and law firms on AI governance frameworks, acceptable use policies and the professional obligations now embedded in the Federal Court's GPN-AI practice note and the NSW Supreme Court's SC Gen 23. For law firms, we also deliver a dedicated CPD-eligible session that covers what these instruments actually require and how to build a practice culture that uses AI in a way that stands up to scrutiny.
→ Find out more about our Generative AI and Legal Ethics CPD session
A practice that engages at the highest levels
We have made submissions to Parliamentary inquiries into cybercrime, appeared in leading legal publications and advised organisations responding to Australia's most significant cyber incidents. We bring that depth of engagement to every client relationship.
10,000
Australians trained
30+
Years combined legal experience
7
Industry awards and nominations
1
The only Australian practice combining specialist cyber law with a national education program
Led by a practitioner at the leading edge of cyber law.
Law & Cyber is led by Simone Herbert-Lowe — an award-winning lawyer recognised for excellence and innovation in cyber law. Simone advises organisations through Australia's most significant cyber incidents, makes submissions to Parliamentary inquiries, provides expert evidence in leading Australian courts and is one of Australia's foremost voices on cyber risk, privacy and AI governance. She advises businesses and law firms on the governance frameworks and professional obligations that now govern AI use — including the Federal Court's GPN-AI and the NSW Supreme Court's SC Gen 23.
Her work has been acknowledged through multiple industry nominations and awards, including the Women in Law Awards and international recognition at RelativityFest.
Law & Cyber is the only Australian practice that combines specialist cyber and technology legal advice with a dedicated national education program of this breadth and depth — with more than 10,000 Australians trained across law, financial services, property, construction, sport and general business.
Our Partners
“As lawyers we need to understand the risks and impacts involved in cyberattacks both for our own cyber security and that of our clients. This course has provided us with practical, relatable and valuable information to enhance the knowledge of both our professional and support teams. We required every member of our teams nationwide complete this excellent course.”
“
From our Insights.
News and Media
Ready to protect your business?
Whether you need legal advice, cyber advisory support or education for your team — we are ready to help.