Kieran leads W+K’s Australian cyber risk and breach response team. He has experience setting up and managing data breach response vendor teams and managing cyber claims across a wide range of incidents from ransomware attacks to full scale data breaches. Kieran advises on Privacy Act compliance, compulsory notifications and acts as a cyber breach lawyer for first and third party cyber risks including defending claims against insureds resulting from a breach.

He also advises insurers and their clients on pre-breach compliance with privacy laws, including how international privacy law (eg GDPR) applies to local businesses, as well as developing cyber incident response plans for large multi-national organisations and SME clients. Kieran presents widely on Australian cyber issues including recently for NIBA, UAC and in London.

In addition to cyber, Kieran also specialises in financial lines coverage and defence work. High profile matters Kieran has acted in include shareholder class actions, D&O investigations and insolvency proceedings, PI claims against asset managers, stockbrokers and financial advisers and as coverage counsel for complex D&O and PI claims.

Before joining W+K, Kieran led a large Financial Lines claims team at Chubb, which has seen him develop a deep understanding of claims processes and the management of all stakeholder expectations. He was also recognised in Doyle’s Guide as one of Australia’s Leading In-House Insurance Lawyers.

Cyber + Data Security

  • Acting as the data breach and privacy lawyer advising an insured school. The matter involved the unintentional disclosure of the personal data collected and maintained on a number of students at the school, including sensitive health information requiring notification to the OAIC and parents.
  • Acting for a not-for-profit financial counselling service in relation to an Office 365 data breach involving the exfiltration of over 3,000 emails containing 1,000 personal records. The breach included sensitive information serious enough to warrant seeking an exemption from the OAIC for not notifying certain individuals given an increased risk to other clients.
  • Advising a professional services company in respect of a phishing attack which resulted in a social engineering fraud payment by the company which then triggered the discovery of the exfiltration by the hacker of over 900 clients’ personal data.
  • Advising both insurers and insureds in relation to cover for first party hacker damage claims made by small to medium accountancy firms who have had files encrypted with ransomware/cryptolocker virus.
  • Acting for a professional services entity in relation to a business email compromise which resulted in notification obligations under privacy law and a large third party claim by a client for financial loss arising from outward social engineering attack on the client.
  • Advising a major insurer on coverage issues arising from a breach which resulted in cryptojacking by the hacker over an extended period of time.

Financial Institutions

  • Acting on class actions against banks and asset managers.
  • Acting for a stockbroker in respect of systemic claims by clients for unauthorised trading.
  • Advising on coverage in respect of bank and other financial institutions remediation and compensation schemes.
  • Advising on loss resulting from complex employee theft claims on Fidelity Policies and Financial Institution Bonds for SMEs and large corporates.

Directors & Officers

  • Advising on coverage for shareholder class actions against ASX200 listed companies.
  • Acting for directors in respect of regulatory and government initiated investigations.
  • Acting for directors against claims for director duty breaches.
  • Advising D&O insurers on policy coverage in respect of claims alleging insolvent trading and director duty breaches against directors.
  • Acting for not-for-profit organisations in respect of varied governance and member claims against both the entities and committee members.

Professional Indemnity

  • Acting for an accountant defending a claim from a client for negligence resulting from the theft of client funds by an employee.
  • Acting for a tax agent facing negligence claims and regulatory proceedings arising from the theft of client funds.
  • Advising professional indemnity insurers, providing policy coverage advice regarding class action claims, for negligence and breach of contract against retirement village operators.
  • Acting for a not-for-profit homeless shelter facing negligence claims arising from the handling of a resident.
Areas of Expertise
  • Cyber + Data Security
  • Directors + Officers Liability
  • Financial Institutions
  • Management Liability
  • Professional Liability

Industry Representation
  • Technology + Cyber
  • Financial Institutions + Services
  • Professions + Business Services

Professional Affiliations
  • Australian Insurance Law Association
  • Australian Professional Indemnity Group
  • Law Society of NSW
  • NSW Claims Discussion Group