Carson McDowell has an established team of experienced lawyers that advises across the full cyber security life cycle, from prevention to planning, incident response and post-incident recovery. We work closely with businesses to train staff, institute policies and procedures and assist with rapid responses in the event of a cyber security incident occurring.
The ease with which confidential or commercially sensitive information can be unlawfully obtained and/or circulated is a growing challenge for many businesses. Data breaches, cyber attacks, hacking, loss of confidential information and regulatory investigations/proceedings can all put at risk the reputation of a business, its brands and its directors. Our cyber security team, which has an unrivalled breadth and depth of expertise and includes specialists from our information law, insurance, litigation and dispute resolution, commercial, corporate and employment teams amongst others, helps businesses alleviate this risk and ensures that any issues they may face are met with pragmatic, innovative and commercial solutions.
What we do
- Assisting with the establishment of information / cyber security policies, procedures and governance structures to manage regulatory compliance and mitigate against cyber risk and the impact of a cyber security incident
- Assisting with the preparation for cyber breaches, including the design and implementation of a tailored cyber response plan
- Advising on appropriate information, cyber and data security contractual provisions with all third parties to mitigate the risk, and impact, of a cyber attack
- Advising on effective incident response planning and testing
- Advising on methods to reduce the risk and consequences of regulatory enforcement
- Managing a cyber incident response in conjunction with internal and/or third party technical incident response teams or advising on discrete elements of the response as required
- Advising and managing regulatory notifications and reporting and liaising with law enforcement authorities as appropriate
- Supporting and assisting with any internal investigations to include any appropriate disciplinary proceedings
- Managing communications with affected third parties and the media
- Advising on any litigation arising from a cyber incident to include dealing with IP and information theft
- Conducting due diligence of potential M&A targets and advising on cyber security issues as part of joint ventures and projects work
- Providing training on data protection and legal requirements