Sector focused cyber security
Our cross-jurisdictional expertise in maritime risk, crisis management, insurance and regulation means that HFW is ideally placed to assist with any cyber-related query or incident. We have a dedicated Cyber Team, which draws on the extensive skills and experience of our lawyers across our different sector groups and global offices. HFW are recognised experts in advising our clients on major incident prevention and response.
What we do
We can assist our clients in identifying where their cyber exposure lies, how best to mitigate these risks and, if an attack does happen, we have a renowned international crisis response team operating out of our global network of offices, as well as an extensive network of external legal contacts and experts. We provide clients with a 24/7 response to decisively minimise the damage in cyber-related incidents.
HFW's clients include multinational and Fortune 500 companies, financial institutions, governments, international airlines, insurers and policy holders. Our global network of lawyers have extensive expertise and experience of dealing with incident response including:
- Co-ordinating and resolving extortion/hijacking incidents including over 120 major incidents in the last 10 years in Afghanistan, the Middle East, Nigeria, North Africa, the Philippines, Somalia, South America, Europe and elsewhere.
- Resolving ransom compliance issues to the satisfaction of G8 Governments, international banks, insurance companies and other listed and regulated entities.
- Managing responses in complex environments with complications of terrorism, money laundering, proceeds of crime, bribery and UN/EU/UK and US sanctions.
- Managing regulatory and compliance notifications including with UK and US authorities including GDPR, Data Protection Directive/Data Protection Act and sector specific regulations.
- Advising on and resolving consequential contractual liabilities (specifically, arising from denial of service/data loss resulting in potential business interruption, damage to industrial control systems, critical control systems, damage to the environment and bodily injury).
- Seeking emergency injunctions to support breach response (specifically “super-injunctions”, freezing injunctions, and production orders).
- Advising on the management of incidents and post-incident phases; attending onsite to mitigate claims, secure documents and evidence, retaining privilege and assisting with third party recoveries.
- Engaging with third party service providers (specifically, response consultants, forensic consultants, public relations, operational logistics and security and intelligence providers).
- Crisis management, in conjunction with IT consultants, forensic accountants, and PR firms
- Reputation and social media management in conjunction with PR firms
We strongly believe in prevention and, wherever possible, advise clients on how they might mitigate their legal exposure to cyber threats. With such advice including:
- Contractual Liability - Reviewing clients' contractual frameworks, with the aim of contractually offsetting liability for the cyber threat and otherwise identifying possible sources of contractual liability.
- Insurance Coverage – Advising on insurance coverage, potential gaps in cover and conducting policy reviews.
- Policies and Procedure – Reviewing clients' policies and procedures for responding to a cyber event to identify potential existing cyber risks and to improve cyber resilience.
- Training – Providing training and advice on compliance with the GDPR and other data protection regimes. Providing training on a "catastrophe event" scenario to assist in preparing an emergency response plan should a cyber breach take place.
We have recently assisted clients with projects including:
- Training yacht masters and crew on potential liabilities arising out of a cyber event.
- Advising on cyber coverage issues under policies available in the London market.
- Negotiating and drafting cyber clauses for inclusion in charterparties, ship management agreements and other commercial contracts.
- Advising on cyber extortion arising from data theft, including recent high profile incidents.
- Advising on denial of service incidents including an incident widely reported in the worldwide media
- Advising on mandate and social engineering fraud
Where we consider it necessary, we work with third party service providers (specifically cyber security providers) who can provide a technical analysis of the cyber threats currently facing businesses.