Cyber and data security

Our international cyber capability comprises a team of cyber law specialists with deep cross-practice expertise which we deploy based on the nature of the issue. Cyber risk is a core business issue, with the potential to present a critical hazard to your reputation, operations, finances, customers, contractors and suppliers. It is increasingly a C-suite issue. On the positive side, properly defined cyber-risk management and compliance projects can substantially improve stakeholder confidence and investment appetite, as well as aiding regulatory and legal resolution in the event of an incident.

We offer a holistic cyber and data security service, ready to stand up crisis management, incident legal response, and disputes experts where needed, whilst also focusing on prevention, resilience, and threat response planning to help our clients, and their legal teams, prepare for and mitigate the impact of potential incidents.

Incident response

We provide business-critical crisis support and breach counsel advice to clients suffering business-critical incidents, working in tandem with in-house teams and external specialists.

  • Our team-members have experience of working across the full range of cyber events, from catastrophic ransomware incidents, nation-state espionage and business-email compromise fraud through to insider attacks and "bad leaver" security incidents, and we regularly partner with external forensic, PR and other providers to provide a seamless incident response service.
  • We often act for international organisations with a global footprint and are used to providing and coordinating 24/7 international incident response services via our international network and the third-party specialist firms that we work with.
  • We engage with regulators, data subjects, customers and suppliers and other impacted stakeholders to ensure our clients comply with their legal obligations while managing their legal exposure appropriately.
  • We support clients through regulatory investigations and enforcement activity connected to incidents, and follow-on litigation (see also our specialist technology and data disputes team).

In the event of an urgent incident, please email us at or contact any of the team.

Cyber advisory

We help GCs, in-house legal teams and company boards to manage cyber risks and enhance their organisational legal response capability with defined cyber and data security legal projects. These include:

  • Legal response planning: In the event of a business-critical incident, the early hours are key and a lack of before-the-event planning can make a bad situation worse. On the other hand, a defined and practiced pre-incident plan allows stakeholders to react fast, decisively, and in accordance with agreed policy positions to take control of the situation and mitigate ongoing damage. Well thought-out plans provide comfort to investors and other key stakeholders as to the cyber-readiness of an organisation. We ensure that legal response plans dovetail with other organisational and technical plans.
  • Regulatory compliance: As more sectors are brought within scope of cyber regulation and legislation, with punitive fines and the risk of reputational damage for non-compliance, ensuring compliance with current and future regulation has never been more important. We provide advice on regulatory issues and questions relating to current and future regulation in this ever-changing and multi-national regulatory area. We can also partner with technical providers where clients require holistic technical and legal expertise to test their regulatory compliance.
  • Audits and investigation support: In a world of heightened national tensions and cyber threats, governments and regulatory bodies are increasingly turning to auditing and investigatory powers to routinely test and assess organisations, especially those deemed important to the national interest. Our lawyers have experience of supporting clients in their engagement with such processes, advocating for their practical and commercial needs while seeking to work cooperatively with national stakeholders.

The team-members have the following experience, including experience gained at previous firms.

Global corporate

Acting as breach counsel for an international corporate in respect of a ransomware attack and data breach. This included strategic advice and risk assessment, regulatory notifications and regulator engagement (UK and international), legal advice on public communications, press releases, customer and employee notifications and responses to DSARs, integration and direction of forensic investigations, strategy for staged remediation and relaunch.

Global corporate

Advising a global corporate services provider in respect of a cyber breach conducted by a nation-state sponsored threat actor. Advising on interactions with customers, litigation risk and negotiations and law enforcement engagement.

Large corporates

Advising on and preparing pre-incident policy documents for legal teams, including ransomware-response-specific policies. Advising on and drafting ransom response policies specific to clients' regulatory position; integration with clients' existing policies.

Global financial services corporate

Advising a global financial services corporate in respect of a business-critical ransomware attack and data breach. This included immediate crisis response, regulatory notifications and engagement, appointing and instructing forensic specialists and advising on limiting financial obligations to third parties.

Global corporate

Assisting a global corporate client to identify and restrain the misuse of confidential information to publish harmful and defamatory reports and statements online and coordinating with forensic investigators to identify the likely source of the attack.

M&A client

Advising a buyer on potential losses to the target in the context of an M&A transaction during which the target suffered a ransomware attack and data breach impacting data subjects across multiple jurisdictions.

Global financial services corporate

Advising a financial services corporate in respect of a ransomware attack and data breach, including working with forensic advisors, deep-dive analysis of impacted data, advising on data privacy notification requirements and strategy, coordinating and preparing data subject notifications and multiple regulator notifications. Advising on follow-up pre-action litigation threats.

Ransomware victim

Acting for a corporate impacted by ransomware in respect of data privacy / GDPR claims raised by groups of allegedly impacted data subjects.

Financial services corporate

Advising a financial services corporate in respect of a BEC fraud / man-in-the-middle attack, including analysis to identify fraud tactics and advise on the risk of internal compromise, advising on the chances of recovery and engagement with the relevant counterparty, data privacy notification requirements and communications with insurers.

IT customer

Advising a customer in respect of a claim against its IT supplier due to a breach of the customer’s managed IT service and ransom attack. Advising on pre-action correspondence and settlement negotiations with the supplier.


© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.