Menu Search through site content What are you looking for?
Menu

Cyber Risk

One is a global, locally tailored, cyber risk solution

We are a law firm, but we are not your typical law firm. Our specialist team provides expert advice on how to address compliance risks, navigate crisis response, and respond to data protection and privacy issues across the full cyber lifecycle. We listened to clients and developed something different. It’s One.

Our team of dedicated cyber breach response specialists is one of the largest in the world. We manage the full lifecycle of global cyber risks for clients. We can provide support whenever and wherever you need it to restore continuity and get you back to business as usual. We assist clients on all cyber and related issues, from breach readiness audits to breach response, and through to successful resolution. 

In the event of a cyber incident, we would support you with a flexible suite of services, depending on the requirements, ranging from initial legal advice to providing a comprehensive breach response. 

Our service philosophy is built around the need to maintain business continuity. It is structured into three main categories of support: Readiness, Response and Recover.

Readiness - Preparation is key to boosting your organisation’s your cyber resilience.

Response - Responding decisively and effectively to an incident is critical to maintaining trust.

Recover - Navigating the legal and regulatory landscape to mitigate future risk.

Why choose Clyde & Co?

Our global team has handled over 4,000 cyber incidents and data breaches. We are one of the world’s leading cyber resilience firms. 

With over 60 offices internationally, we operate a ‘follow-the-sun’ model, with our teams in different regions available to assist around the clock. Enabling us to provide a 24/7/365 offering.

The One brand brings together the best of Clyde & Co’s international experience and combines it with a network of specialist partner cyber firms, adopting One approach, One standard and One process. We provide an unmatched platform of specialists delivering services in English and local languages wherever we operate under the One network.

We have extensive experience managing vendors across the lifecycle of an incident including careful scoping and management of costs. One approach across all jurisdictions with global and local vendor panels.

Our systems enable us to triage and populate incident reports in real time, allowing us to deliver cost effective, efficient reporting (including standardised 12, 24 or 48 hour reports), to enable clients to make an easy assessment of coverage.

24/7/365 cyber incident response lines

Find out details about our dedicated cyber incident response lines.

Find out more Clyde One

Click here

Contact us

Client Case Studies

Cyber simulations - forewarned is forearmed

Cyber simulations - forewarned is forearmed

Fast fashion fraud

Fast fashion fraud

Cyber team helps global company retrieve stolen data

Cyber team helps global company retrieve stolen data

Crime doesn’t pay

Crime doesn’t pay

Stronger Together. Support every step of the way

Cyber simulation workshop

Cyber simulation workshop

Data mining

Data mining

Meet the breach coach

Meet the breach coach

Our approach to vendor management

Our comprehensive panel gives you the best extended team of:

  • IT forensics
  • PR/crisis communications
  • Credit/identity monitoring services
  • Notification services
  • Data mining
  • Cyber extortion negotiators
  • Payment due diligence
  • Digital currency wallet providers

Our Cyber risk contacts

Helen Bourne

Partner

St Botolph Building
138 Houndsditch
London
EC3A 7AR
UK & Europe

Helen jointly leads the global cyber team and advises both insurers and corporate entities on a wide range of cyber risk matters including incident response. She works closely with the global team on cross-jurisdictional incidents and has significant experience dealing with data protection regulators, including coordinating EU wide regulatory investigations.

+44 (0) 20 7876 5000 View details

John Moran

Partner

Clyde & Co
Level 15,
333 George Street
Sydney
NSW 2000
Asia Pacific

John is a recognised leader in cyber risk and incident response space and jointly leads the global cyber team. John manages Australia’s leading cyber incident response teams and his team have advised on over 700 cyber incidents in recent times, including on some of the most high profile and complex incidents, both locally and globally.

+61 2 9210 4974 View details

Ian Birdsey

Partner

St Botolph Building
138 Houndsditch
London
EC3A 7AR
UK & Europe

Ian advises corporate and insurer clients on managing domestic and international cyber incidents and data breaches, claims and recovery actions, regulatory investigations and subsequent litigation including group claims. Ian jointly leads the global cyber team and assists clients to improve their overall cyber resilience through a range of pre-breach services such as cyber simulations.

+44 20 7876 6272 View details

Our Cyber Risk Work

  • All
  • Africa
  • Americas
  • Asia Pacific
  • Middle East
  • UK & Europe
  • Acting as GDPR Counsel following a data breach

    The breach which necessitated notice to all 28 EU supervisory authorities and involved managing a number of regulatory investigations across the EU.

    United Kingdom

    Acting for a larges water distributor-retailers in in relation to its incident response

    Acting for one of the largest water distributor-retailers in Australia in relation to its incident response following a high value, major technology supply chain failure which had the potential to impact services to over 1.5 million customers.

    Australia

    Acting for a major logistics provider in relation to lost employee data

    This included negotiations with the ICO and dealing with employment law implications and customer communications.

    United Kingdom

    Acting on the instructions of a multi-national insurer as local breach counsel

    Acting on the instructions of a multi-national insurer as local breach counsel in respect of a fraudulent payment scheme involving suspected social engineering under its South Africa cyber policy.

    South Africa

    Advising a financial institution following a personal data breach incident

    Advising a financial institution in Singapore following a personal data breach incident involving unauthorised emails sent from the computer system of a third party service provider to the customers of the financial institution.

    Singapore

    Advising a government agency on contracting risks

    Advising a local New Zealand government agency on cloud services contracting risks including cross-border data breach reporting obligations.

    New Zealand

    Advising a government company on adjustments to its terms and conditions

    Advising a Saudi government company on adjustments to its terms and conditions to address cyber risk and liability.

    Saudi Arabia

    Advising a government entity on the outsourcing of services

    Advising a government entity in Oman on the outsourcing of services to a third party operator to support the establishment of a national cybersecurity operations centre

    Oman

    Advising a regulated business on the cyber hacking of its systems

    This resulted in the loss of significant numbers of customer data including financial, sensitive personal data and credit card details.

    United Kingdom

    Advising in relation to a high profile claim involving the breach of personal data

    Advising in relation to a high profile claim in Hong Kong involving the breach of personal data privacy laws, the first large-scale contactless smartcard payment system in Hong Kong, including defence of investigations by the PCPD.

    Hong Kong
  • Acting on the instructions of a multi-national insurer as local breach counsel

    Acting on the instructions of a multi-national insurer as local breach counsel in respect of a fraudulent payment scheme involving suspected social engineering under its South Africa cyber policy.

    South Africa
  • Advising on cybersecurity risk mitigation

    Advising companies on their cybersecurity posture and risk management techniques.

    United States

    Litigating cyber claims

    Litigating claims arising out of negligent cybersecurity and data maintenance, and data privacy claims.

    United States

    Developing cyber incident response plans

    Development and drafting of cyber incident response plans for clients, including employee education presentations.  

    United States

    Advising clients on cryptocurrency risk management

    Advising policyholders and insurance industry participants on the risks presented by the possession of cryptocurrency and suggested mitigation strategies.

     

    United States

    Developing cyber insurance products

    Development and drafting of cyber insurance policies for insurance companies.  

    United States

    Litigating data breach claims

    Representing insurers in insurance coverage litigation arising under cyber insurance policies.

    United States

    Litigating cyber insurance claims

    Litigating a claim against a vendor that suffered a data breach leading to business interruption losses by our client.

    United States
  • Assisting a nationwide business following a ransomware attack

    Assisting a nationwide fuel trucking business following a ransomware attack infecting multiple servers which resulted in the potential inability to provide fuel to a number of the largest transport operators in Australia.

    Australia

    Acting for a larges water distributor-retailers in in relation to its incident response

    Acting for one of the largest water distributor-retailers in Australia in relation to its incident response following a high value, major technology supply chain failure which had the potential to impact services to over 1.5 million customers.

    Australia

    Advising in relation to a high profile claim involving the breach of personal data

    Advising in relation to a high profile claim in Hong Kong involving the breach of personal data privacy laws, the first large-scale contactless smartcard payment system in Hong Kong, including defence of investigations by the PCPD.

    Hong Kong

    Advising a government agency on contracting risks

    Advising a local New Zealand government agency on cloud services contracting risks including cross-border data breach reporting obligations.

    New Zealand

    Advising a financial institution following a personal data breach incident

    Advising a financial institution in Singapore following a personal data breach incident involving unauthorised emails sent from the computer system of a third party service provider to the customers of the financial institution.

    Singapore
  • Advising a government entity on the outsourcing of services

    Advising a government entity in Oman on the outsourcing of services to a third party operator to support the establishment of a national cybersecurity operations centre

    Oman

    Advising a government company on adjustments to its terms and conditions

    Advising a Saudi government company on adjustments to its terms and conditions to address cyber risk and liability.

    Saudi Arabia
  • Acting for a major logistics provider in relation to lost employee data

    This included negotiations with the ICO and dealing with employment law implications and customer communications.

    United Kingdom

    Advising a regulated business on the cyber hacking of its systems

    This resulted in the loss of significant numbers of customer data including financial, sensitive personal data and credit card details.

    United Kingdom

    Advising UK and European clients in relation to fraudulent wire transfers following O365 compromise

    Advice extended in one case to any potential recovery of the misdirected funds and in another, to defence of contractual claims in circumstances where the client owed outstanding sums as a result of the fraud.

    United Kingdom

    Acting as GDPR Counsel following a data breach

    The breach which necessitated notice to all 28 EU supervisory authorities and involved managing a number of regulatory investigations across the EU.

    United Kingdom

    Representing a private bank following the theft of credit and payment card details by an employee

    Including managing the internal investigation and dealing with the ICO, Financial Conduct Authority and the Prudential Regulation Authority.

    United Kingdom

    Managing an international data breach for a financial services client

    This was following a multi-million dollar payment diversion fraud including notifying regulators and clients in dozens of different jurisdictions and settling the claim by the defrauded customer.

    United Kingdom

Our Cyber Risk team

Lee Astfalck
Lee Astfalck

Partner

Mark Beswetherick
Mark Beswetherick

Partner

Ian Birdsey
Ian Birdsey

Partner

Helen Bourne
Helen Bourne

Partner

Nathalie David
Nathalie David

Partner

John Moran
John Moran

Partner

Simon McConnell
Simon McConnell

Managing Partner

Reshana Pillay
Reshana Pillay

Partner

Ian Roberts
Ian Roberts

Managing Partner

Dr. Henning Schaloske
Dr. Henning Schaloske

Partner

Mun Yeow
Mun Yeow

Partner

Show more
View all Cyber Risk partners

Show more