Clifford Chance
Cyber security is a board-level risk, not just an IT priority.
In a digital age where online threats are progressing at an unprecedented pace, our team of cross-practice cyber lawyers deliver robust advice and support to clients across the globe.
We combine technical expertise with an in-depth knowledge of the evolving global legal and regulatory cyber landscape. Our knowledge comes from extensive client work, engagement with industry forums and key relationships with regulatory authorities and policymakers.
Our lawyers work closely with an internal specialist forensic team, comprising experienced accountants and forensic technologists based in London and New York. This forensics capability provides key benefits for clients in cyber incident response and investigations, including malware and ransomware cases, insider threat, data loss and network intrusions.
Our extensive track record includes working for client across the full spectrum of cyber advice. We focus on your risk approach and alignment with your wider cyber and operational resilience strategy, on a three-pronged approach, targeting governance, engagement, and response.
Areas in which we can support you include:
Governance
- Leadership:
- Board risk oversight
- Organisational risk tolerance and appetite
- Strategy:
- Operating structure and model
- Information risk:
- Policies and standards
- Third party management
- Supply chain risk
- Transactional exposure
- Compliance risk:
- Data protection and privacy
- Reporting frameworks
- Policy monitoring
- Risk assessments
Engagement
- Education:
- Security education and awareness
- Architecture:
- Business continuity planning
- Security architecture mapping (TOMs)
- Data mapping
- Product security
- Monitoring:
- Legal risk monitoring and scoring
- Horizon scanning
- Incident preparation:
- Practice exercises
- Communication planning
- Cyber incident plan design and refresh
Response
- Security incident response:
- Crisis management support
- Complex internal investigations
- Forensics and document management support
- Notifications to authorities and law enforcement
- Engagement with stakeholders and data subjects
- Public enforcement:
- Submissions and responses to regulators
- Challenging adverse decisions, penalties and appeals
- Regulatory engagement and policy
- Private enforcement:
- Litigation risk
- Defending litigation
- Vicarious liability considerations
- Remediation:
- Root cause and lessons learnt analysis
- Governance remediation
- Ongoing monitoring
