Incident Legal Response.
When a cyber incident strikes, the legal clock starts immediately. Having the right lawyer in the room from the first hour can determine your regulatory exposure, your insurance position and your legal liability.
OVERVIEW
A cyber incident is not just an IT crisis. From the moment it is confirmed, it triggers a cascade of legal obligations: notification timelines under the Notifiable Data Breaches scheme, potential reporting obligations under the Security of Critical Infrastructure Act and the Cyber Security Act, ransom payment reporting requirements, insurance notification obligations and the legal exposure that follows if any of these are mishandled.
Decisions made in the first 24 to 72 hours of an incident can define the legal outcome for months or years. The organisations that navigate incidents best are those that have legal advice running in parallel with their technical response from the outset — not as an afterthought once the immediate crisis has passed.
Law & Cyber provides that legal advice. Simone Herbert-Lowe has advised organisations responding to some of Australia's most significant cyber incidents, given expert written opinion in Supreme Court proceedings where the amounts in dispute were in the tens of millions of dollars, and made submissions to the Parliamentary Joint Committee on Law Enforcement into Cybercrime. When the pressure is highest, you want a lawyer who has been there before.
What we advise on.
- We advise on whether and when notification is required under the NDB scheme, what the notification must contain, how to notify the OAIC and affected individuals, and how to manage the timing and content of notification to minimise your legal and reputational exposure.
- How an incident response is structured from a legal perspective determines whether your internal communications, forensic reports and legal advice are protected by privilege. We advise on how to structure your response to preserve privilege from the outset.
- We advise on engagement with the OAIC, ACSC, AUSTRAC, APRA and other regulators that may have an interest in the incident — including what to say, what not to say, and how to present your organisation's response in the most favourable light.
- Ransom payment decisions carry legal, regulatory and reputational consequences. We advise on the legal framework, the mandatory reporting obligations that now apply to ransom payments in Australia, and the considerations that should inform your decision.
- Cyber insurance policies are complex and your obligations as a policyholder start at the moment of an incident. We advise on notification obligations to your insurer, coverage questions and how to protect your claim throughout the response process.
- Incidents frequently give rise to claims — against vendors, managed service providers and other third parties whose failure contributed to the breach. We advise on the strength of those claims and how to preserve your position for any subsequent dispute or litigation.
“Following a devastating ransomware attack, Law & Cyber were engaged to provide legal advice in support of our efforts to recover lost data, consider privacy impacts and subsequently seek compensation from our managed IT service provider. Law & Cyber provided an extraordinary level of insight, expertise, experience and professionalism. The consultancy delivered a very successful outcome including a settlement from the relevant insurer.”
Are you prepared?
If you have not already reviewed your incident response plan from a legal perspective, now is the time. We work with organisations ahead of incidents — reviewing their plans, identifying legal gaps and ensuring that the right frameworks are in place before they are needed.
Explore our Incident Preparation & Response advisory service →
Dealing with an incident right now?
Contact us immediately. We are available for urgent matters.