Cyber + Data Security
Cyber Incident Helpline
AUSTRALIA: 1800 316 706
NEW ZEALAND: 0800 WK Claims (in NZ)
+64 9 600 5570 (international callers)
Businesses, government agencies and organisations of all sizes and in all sectors face increasing risks from data breaches, cyber crime and systems corruption. As society becomes more digitised, the threat of cyber events will increase.
Regulation is on the rise
Since mandatory reporting was introduced in Australia in February 2018, notifications have increased ten-fold. More stringent privacy and data regulation raises the costs of managing a breach and increases the likelihood of prosecutions and claims from those affected.
In New Zealand, there were 132 cyber incidents last financial year that potentially compromised customers’ data. With privacy regulation soon to come online in New Zealand, insurers and their clients need to be extremely careful in how they deal with and protect customers’ information.
How can we help
Our cyber team is led by Andrew Moore, Mark Anderson and Kieran Doyle. Since 2010, they have provided cyber and data security legal advice to clients – ranging from small and medium enterprises to large multinational corporations. We can help with:
- Making sure you’re prepared – we can come into your organisation, check your practices and policies and advise on training your team to make sure you have the best protection possible.
- Managing a cyber incident when it occurs – or if you suspect you may have had a breach – our dedicated 24/7 Cyber Incident Helpline means your legal team is only a phone call away.
- Finding help – there are many things you need to think about when things go wrong. We have close partnerships with a select group of international cyber specialists who we retain to respond immediately in the event of a cyber incident, to restore systems and data where possible, evaluate cyber losses, provide crisis communications support, and conduct robust post-incident security reviews.
- Responding to the breach – reporting the incident, notifying customers and managing the process with regulators can be daunting, so bringing in a team that is experienced in managing similar situations is critical.
- Getting your business up and running again – at the best of times, cyber breaches interrupt normal business. But they can also be much nastier, involving extortion, property and data loss, reputational damage, regulatory investigations and prosecutions, and civil claims including class actions. Our team can help you manage the fall out from cyber and data breaches through to final settlement.
- Cyber liability and insurance claims – we can provide you with the answers to coverage questions and whether there is a third party who may be responsible.
Just as cyber attacks are without borders, so is our service. Wotton + Kearney is part of a global cyber response panel led by our Legalign Global alliance partners DAC Beachcroft in the UK, Central and South America, BLD Bach Langheid Dallmayr in continental Europe, and Wilson Elser in the US. Call us when you need global response capabilities.
Examples of how we have helped insurers and their clients to manage cyber risks and incidents include:
Managing notifications under Australian privacy law
Acting for organisations in instances of brute force, phishing and Office 365 compromises involving the compromise of data records, requiring potential mandatory notification, handling sensitive communications to customers, and managing reputational risks.
Hacker damage from ransomware
Advising insurers and their clients on coverage for first party hacker damage after claims made by small to medium accountancy firms that had files encrypted with ransomware / crypto-locker viruses.
NZ data security breach affecting 1000+ customers
Leading the response to allegations against a large New Zealand technology company in a major data security breach affecting over 1,000 customers. This included coordinating the forensic and PR response and addressing third party contract claims.
Cyber fraud attacking client funds
Social engineering, phishing and spear phishing attacks against businesses large and small, including where a supplier or manager is impersonated and the business is fooled into paying money to a fraudulent third party.