A specialist practice built for the risks that matter most.
Law & Cyber was founded on a simple conviction: that Australian businesses deserve expert, integrated advice at the intersection of law, cyber risk and technology – from practitioners who genuinely understand all three.
THE FIRM
Who we are.
Law & Cyber is an Australian specialist legal and advisory practice focused on cyber law, technology and digital law, and data privacy and protection. We work with businesses, professional associations, law firms and boards across Australia that are navigating the legal and regulatory consequences of operating in a digital world.
We are a boutique practice by design. That means our clients work directly with our most experienced practitioners — not delegated to junior staff. It means our advice is tailored, not templated. And it means we build genuine, long-term relationships with the organisations we serve.
Our practice spans three integrated service lines: legal advice, cyber advisory and education and training. Few practices combine all three at this level of depth. That integration is our point of difference — and the reason it matters is specific.
Because we advise organisations through real incidents, we know what fails in practice — and that makes our training more legally accurate than anything a generic training provider can produce. Because we train organisations before incidents occur, we understand the human and governance failures that create legal exposure — and that makes our advisory work more practically grounded. The three capabilities reinforce each other in ways that engaging two separate firms cannot replicate.
BEGINNINGS
Why Law & Cyber exists.
When Law & Cyber was founded, Simone Herbert-Lowe had built her own cyber law practice and later served as Australian Practice Lead for the cyber practice of a global law firm.
Both experiences made clear that businesses facing a data breach needed more than a lawyer. They needed someone who understood how the attack happened, what their regulatory obligations were in the first 72 hours, and how to communicate with their board, their regulator and their clients — all at the same time. They also needed the kind of practical education that builds genuine cyber resilience before an incident occurs — not just legal advice after the fact. That combination of specialist legal expertise and dedicated cyber education is what Law & Cyber was built to provide.
Most firms could offer one of those things. We built a practice that offers all of them.
Today, the stakes are higher still. The Privacy Act reforms now in force under the Privacy and Other Legislation Amendment Act 2024, the Security of Critical Infrastructure Act, the AML/CTF Tranche 2 reforms and the rapid adoption of AI have created a regulatory environment of genuine complexity. The businesses that navigate it best will be those with specialist advisers who see the full picture.
That is what we do.
WHO WE HELP
How we work.
We work with clients on retainer, on specific matters and on long-term advisory engagements — including specialist review of technology and vendor contracts for data privacy and cyber risk exposure.
We are not a large firm with high overheads and volume billing targets. We are a specialist practice that prices fairly, explains clearly and stays engaged. We use AI-assisted tools to work more efficiently, which means faster turnaround and stronger value for our clients — and our use of those tools is governed by the same standards we recommend to the organisations we advise.
Our clients typically come to us in one of three ways: they need urgent legal advice following an incident; they are building or reviewing their cyber risk and privacy frameworks before something goes wrong; or they want to build genuine cyber awareness across their leadership team or organisation.
In every case, our starting point is the same — understanding your business, your risk profile, your regulatory exposure and what a good outcome actually looks like for you.
10,000
Australians trained
30+
Years combined legal experience
7
Industry awards and nominations
1
The only Australian practice combining specialist cyber law with a national education program
Our Point of Difference
Law & Cyber is the only Australian practice that combines specialist cyber and technology legal advice with a dedicated national education program — having trained more than 10,000 Australians across law, financial services, property, the built environment, sport, retail, boards and general business.