All situations which can quickly spiral out of control if not handled with professionalism and efficiency, data breaches, IT failures and cyber attacks can cause serious and long-lasting damage to businesses. From risks of global reputational damage, to diminishing trust from key stakeholders, ensuring survival in the aftermath of a breach requires assistance from an experienced cyber security lawyer.

Specialists in cyber security law, the Womble Bond Dickinson team of cyber risk advisors work alongside companies from a wide range of industries, helping them to prevent attacks, minimise risks and manage exposures. Offering a comprehensive service which spans from proactive prevention and response strategies, to post-event management and investigations, clients from every sector can expect unparalleled assistance at every stage.

A leading voice in cyber security law, our team is uniquely composed of specialists from both the insurance and data protection sectors. This dual background ensures that our advice is fully-informed, and gives both insurers and their policyholders confidence in the knowledge that their legal advisors have a complex understanding of the myriad of risks which surround data breaches and cyber attacks. 

Cyber security law services

An increasingly common issue which can affect any company with a digital footprint, cyber incidents can range from phishing scams, failed data access, integrity attacks and accidental IT failures, to targeted hacking, insider threats and electronically-initiated fraud. Whatever the cause, however, incidents which put data and money at risk are dealt with quickly and efficiently by our team to ensure that business interruption is kept to a minimum.

At Womble Bond Dickinson, our cyber risk and incident response services are designed to minimise future liability and mitigate risk. To that end, we take a two-pronged approach and assist clients with both pre-emptive measures and post-breach response.

Pre-emptive services

  • Lead data audits and analysis of how data flows and computer systems impact cyber risk and associated legal obligations
  • Assist with creation of incident response plans and data policies and procedures 
  • Draft cyber policy wordings
  • Provide data protection and incident response training to executives, risk teams, technologists and client’s employees
  • Assist with creation of an incident response team
  • Facilitate table-top training exercises for IRT, C-Suite and board of directors
  • Listen to and advise clients on protections and processes built for the precise needs and obligations of that business.

Breach response services

  • Act as a dedicated first response team with 24/7 availability, capable of rapidly identifying issues and managing exposures by following our pre-developed plan
  • Investigate data incidents and help coordinate the client’s response, preserving privileges and minimising legal, reputational, and business risk
  • Advise on cyber policy coverage
  • Assist with crisis communications with stakeholders, policyholders, insurers and other key parties to minimise reputational impact, as well as manage interactions with regulators and law enforcement
  • Ensure compliance with breach notification laws, regulations, system rules and contract obligations, including GDPR and HIPAA
  • Devise response plans which benefit both clients and affected third parties 
  • Create e-discovery strategies including preservation, collection, and review 
  • Manage and/or represent clients in any litigation, regulatory actions, or other investigations arising out of cyber security incidents
  • Contribute to a lessons-learned review of the incident to mitigate future risk and minimise legal liability. 

Clients of our cyber attack solicitors

Representing and advising clients from a wide range of sectors, our team of cyber attack solicitors have experience serving major insurance companies and corporate policy holders within the healthcare, finance, communications and retail industries, as well as organisations operating in non-profit, university and government spheres. Practised in getting to know businesses before advising on data protection, risk mitigation and incident responses, our team prides themselves on their ability to provide tailored guidance which takes into account all stakeholders.

Whether you’re looking for instant and informed cyber attack advice to help aid your recovery from a recent incident, or want to integrate your existing incident response team with our own lawyers to improve its effectiveness, help from our cyber security law firm is always available. To find out more about how we can help you build your cyber attack defences, simply fill out our online contact us form, and a member of the team will be in touch.

What we do

Breach response

  • Investigate data incidents and help coordinate the client’s response, preserving privileges and minimizing legal, reputational, and business risk
  • Advise on cyber policy coverage
  • Manage interactions with regulators and law enforcement
  • Ensure compliance with breach notification laws, regulations, system rules and contract obligations, including GDPR and HIPAA
  • Devise response plans which benefit both clients and affected third parties 
  • Create e-discovery strategies including preservation, collection, and review 
  • Manage and/or represent clients in any litigation, regulatory actions, or other investigations arising out of cyber security incidents
  • Contribute to a lessons-learned review of the incident to mitigate future risk and minimize legal liability  

Pre-emptive services

  • Lead data audits and analysis of how data flows and computer systems impact cyber risk and associated legal obligations
  • Assist with creation of incident response plans and data policies and procedures 
  • Draft cyber policy wordings
  • Provide data protection and incident response training to executives, risk teams, technologists and client’s employees
  • Assist with creation of Incident Response Team
  • Facilitate table-top training exercises for IRT, C-Suite and board of directors
  • Listen to and advise clients on protections and processes built for the precise needs and obligations of that business

Examples of work

  • Improved data resilience for RAI by conducting tabletop exercises and regular team meetings to examine changes in technology and regulation, and to update definitions and policies
  • Advised Heartland Payment System in its response to the loss of 130 million credit card data sets
  • Successfully represented the State of South Carolina in litigation involving the exposure of six million tax records
  • Assisted major public university in recovery from an extensive data exposure incident
  • Addressed healthcare vendor data exposures affecting employees and retirees of client companies
  • Investigated and advised on liability and recovery actions after £millions diverted from law firm accounts in phishing scams leading to significant recoveries
  • Advised on email fraud perpetrated on bond broker causing clients funds to be diverted to fraudsters. Obtaining partial recovery from insurance agent
  • Advised on hack of insurance broker's email account and dealing with regulatory action ensuring compliance but minimization of profile of incident
  • A national retailer exposed information about tens of thousands of customers on its website during a project to migrate to a new server. Working with the retailer's IT team, we determined what data had been accessed and we advised about notification to the regulator and customers.  We also advised on the recovery from a negligent IT contractor
  • A major security breach as a result of hard-drives, containing 3,000,000+ banking records, not being securely destroyed.  We advised on how to manage the breach, worked with IT forensics to assess the accessibility of the data on the hard-drives and drafted the notification to the ICO.  Our client's prompt and comprehensive response, along with the extremely detailed report submitted to the ICO, meant that the ICO took no further action
  • A disgruntled employee stole a customer data and sent malicious communications to the retailer's customers. We investigated the incident and prepared responses to the ICO's request for information following a customer complaint to the ICO. We also advised on the disciplinary proceedings against the employee and a possible defamation action in relation to the malicious communications
  • A large medical training provider suffered a serious email hacking incident. We advised on issues relating to proceedings against the hacker and an IT provider.  We also defended an ensuing libel claim
  • Client’s HR manager took home HR records (including medical information) about employees and accidentally misplaced them when the records should have been stored in a locked cabinet. We advised on pro-actively notifying the regulator. As a result, the regulator accepted that this was a one-off incident that did not require further investigation.

All situations which can quickly spiral out of control if not handled with professionalism and efficiency, data breaches, IT failures and cyber attacks can cause serious and long-lasting damage to businesses. From risks of global reputational damage, to diminishing trust from key stakeholders, ensuring survival in the aftermath of a breach requires assistance from an experienced cyber security lawyer.

Specialists in cyber security law, the Womble Bond Dickinson team of cyber risk advisors work alongside companies from a wide range of industries, helping them to prevent attacks, minimise risks and manage exposures. Offering a comprehensive service which spans from proactive prevention and response strategies, to post-event management and investigations, clients from every sector can expect unparalleled assistance at every stage.

Find an expert

Our expertise in cyber risk

A leading voice in cyber security law, our team is uniquely composed of specialists from both the insurance and data protection sectors. This dual background ensures that our advice is fully-informed, and gives both insurers and their policyholders confidence in the knowledge that their legal advisors have a complex understanding of the myriad of risks which surround data breaches and cyber attacks. 

Cyber security law services

An increasingly common issue which can affect any company with a digital footprint, cyber incidents can range from phishing scams, failed data access, integrity attacks and accidental IT failures, to targeted hacking, insider threats and electronically-initiated fraud. Whatever the cause, however, incidents which put data and money at risk are dealt with quickly and efficiently by our team to ensure that business interruption is kept to a minimum.

At Womble Bond Dickinson, our cyber risk and incident response services are designed to minimise future liability and mitigate risk. To that end, we take a two-pronged approach and assist clients with both pre-emptive measures and post-breach response.

Pre-emptive services

  • Lead data audits and analysis of how data flows and computer systems impact cyber risk and associated legal obligations
  • Assist with creation of incident response plans and data policies and procedures 
  • Draft cyber policy wordings
  • Provide data protection and incident response training to executives, risk teams, technologists and client’s employees
  • Assist with creation of an incident response team
  • Facilitate table-top training exercises for IRT, C-Suite and board of directors
  • Listen to and advise clients on protections and processes built for the precise needs and obligations of that business.

Breach response services

  • Act as a dedicated first response team with 24/7 availability, capable of rapidly identifying issues and managing exposures by following our pre-developed plan
  • Investigate data incidents and help coordinate the client’s response, preserving privileges and minimising legal, reputational, and business risk
  • Advise on cyber policy coverage
  • Assist with crisis communications with stakeholders, policyholders, insurers and other key parties to minimise reputational impact, as well as manage interactions with regulators and law enforcement
  • Ensure compliance with breach notification laws, regulations, system rules and contract obligations, including GDPR and HIPAA
  • Devise response plans which benefit both clients and affected third parties 
  • Create e-discovery strategies including preservation, collection, and review 
  • Manage and/or represent clients in any litigation, regulatory actions, or other investigations arising out of cyber security incidents
  • Contribute to a lessons-learned review of the incident to mitigate future risk and minimise legal liability. 

Clients of our cyber attack solicitors

Representing and advising clients from a wide range of sectors, our team of cyber attack solicitors have experience serving major insurance companies and corporate policy holders within the healthcare, finance, communications and retail industries, as well as organisations operating in non-profit, university and government spheres. Practised in getting to know businesses before advising on data protection, risk mitigation and incident responses, our team prides themselves on their ability to provide tailored guidance which takes into account all stakeholders.

Whether you’re looking for instant and informed cyber attack advice to help aid your recovery from a recent incident, or want to integrate your existing incident response team with our own lawyers to improve its effectiveness, help from our cyber security law firm is always available. To find out more about how we can help you build your cyber attack defences, simply fill out our online contact us form, and a member of the team will be in touch.

 

What we do

Breach response

  • Investigate data incidents and help coordinate the client’s response, preserving privileges and minimizing legal, reputational, and business risk
  • Advise on cyber policy coverage
  • Manage interactions with regulators and law enforcement
  • Ensure compliance with breach notification laws, regulations, system rules and contract obligations, including GDPR and HIPAA
  • Devise response plans which benefit both clients and affected third parties 
  • Create e-discovery strategies including preservation, collection, and review 
  • Manage and/or represent clients in any litigation, regulatory actions, or other investigations arising out of cyber security incidents
  • Contribute to a lessons-learned review of the incident to mitigate future risk and minimize legal liability  

Pre-emptive services

  • Lead data audits and analysis of how data flows and computer systems impact cyber risk and associated legal obligations
  • Assist with creation of incident response plans and data policies and procedures 
  • Draft cyber policy wordings
  • Provide data protection and incident response training to executives, risk teams, technologists and client’s employees
  • Assist with creation of Incident Response Team
  • Facilitate table-top training exercises for IRT, C-Suite and board of directors
  • Listen to and advise clients on protections and processes built for the precise needs and obligations of that business
In need of a cyber security lawyer? Look no further.
At Womble Bond Dickinson we have an exceptional team of talented lawyers and business professionals who can offer guidance and find the solutions right for your business. We have both broad and niche expertise across all our UK and US offices.

Examples of our work and how we’ve helped companies of all sizes with a wide range of challenges.

  • Improved data resilience for RAI by conducting tabletop exercises and regular team meetings to examine changes in technology and regulation, and to update definitions and policies
  • Advised Heartland Payment System in its response to the loss of 130 million credit card data sets
  • Successfully represented the State of South Carolina in litigation involving the exposure of six million tax records
  • Assisted major public university in recovery from an extensive data exposure incident
  • Addressed healthcare vendor data exposures affecting employees and retirees of client companies
  • Investigated and advised on liability and recovery actions after £millions diverted from law firm accounts in phishing scams leading to significant recoveries
  • Advised on email fraud perpetrated on bond broker causing clients funds to be diverted to fraudsters. Obtaining partial recovery from insurance agent
  • Advised on hack of insurance broker's email account and dealing with regulatory action ensuring compliance but minimization of profile of incident
  • A national retailer exposed information about tens of thousands of customers on its website during a project to migrate to a new server. Working with the retailer's IT team, we determined what data had been accessed and we advised about notification to the regulator and customers.  We also advised on the recovery from a negligent IT contractor
  • A major security breach as a result of hard-drives, containing 3,000,000+ banking records, not being securely destroyed.  We advised on how to manage the breach, worked with IT forensics to assess the accessibility of the data on the hard-drives and drafted the notification to the ICO.  Our client's prompt and comprehensive response, along with the extremely detailed report submitted to the ICO, meant that the ICO took no further action
  • A disgruntled employee stole a customer data and sent malicious communications to the retailer's customers. We investigated the incident and prepared responses to the ICO's request for information following a customer complaint to the ICO. We also advised on the disciplinary proceedings against the employee and a possible defamation action in relation to the malicious communications
  • A large medical training provider suffered a serious email hacking incident. We advised on issues relating to proceedings against the hacker and an IT provider.  We also defended an ensuing libel claim
  • Client’s HR manager took home HR records (including medical information) about employees and accidentally misplaced them when the records should have been stored in a locked cabinet. We advised on pro-actively notifying the regulator. As a result, the regulator accepted that this was a one-off incident that did not require further investigation.