Ambre Cross

Full Profile

Ambre is an experienced Associate based in Manchester and a key member of the firm’s regional cyber team. 

Ambre has experience managing and advising a wide variety of corporate and insurer clients in relation to both domestic and international cyber security incidents and personal data breaches. 

She is highly experienced in dealing with all aspects of incident response. She routinely advises clients on their regulatory obligations in both the UK and EU, pursuant to relevant data protection legislation, and is also experienced in managing data breach response globally, with assistance from local counsel. She has experience dealing with a variety of regulators including the ICO, FCA, SRA and the Charity Commission. She advises on all legal issues arising from a cyber incident, including the legality of ransomware payments. Ambre also deals with the subsequent third-party litigation arising from a personal data breach and has represented clients facing group claims from multiple claimants. 

In addition to the contentious aspects of her role, Ambre also advises insurers on cyber coverage issues.

Before becoming a cyber specialist, Ambre was an experienced litigator with extensive experience in both civil and commercial litigation. Her knowledge and expertise were commended in Legal 500 in 2021.  

Experience

• Assisting a variety of clients on cyber security incidents both domestically and internationally, and advising on all issues, including legal, regulatory and litigation. 
• Advising various US companies in relation to the applicability of the UK/EU GDPR following a personal data breach and their subsequent exposure. 
• Advising a financial institution following a ransomware incident, to include advising on the legality of ransomware payments, and engagement with regulators including the ICO and FCA. 
• Advising an international organisation following a ransomware incident and assisting their response to the incident which impacted multiple territories including the UK, EU and various other ‘Rest of World’ jurisdictions. 
• Advising a sporting institution following a business email compromise in relation to regulatory reporting requirements. 
• Representing an organisation in the hospitality sector in relation to third party litigation arising from a data breach. 
• Assisting a law firm following a business email compromise to include advising on regulatory reporting requirements and engagement with regulators including the ICO and SRA.