Kieran leads the firm’s cyber practice and is often the first person our local and London-based clients turn to following a cyber-attack.
Kieran helps clients respond to complex cyber incidents, including matters that involve highly sensitive breaches and cyber-attacks, some of which have been widely described as “crippling” and the “most significant in Australian corporate history”. His work spans assessing and monitoring incidents, setting up and managing data breach response vendor teams, and managing cyber claims across a wide range of incidents from ransomware attacks to email compromises.
As part of the cyber practice, Kieran advises on federal and state privacy law compliance and compulsory notifications. He also acts as a cyber breach lawyer for first and third party cyber risks, including defending claims against businesses and government agencies resulting from a breach. More broadly Kieran defends IT managed service providers in professional liability matters, many of which involve cyber incidents.
Kieran also has one of the largest cyber coverage practices in the market, advising insurers on the most important and significant incidents in Australia.
Kieran’s work often involves incidents affecting multiple jurisdictions (including GDPR issues) and works closely with his Legalign Global colleagues. In this global role, Kieran is an active contributor to thought leadership in Australia and takes part in global panels and seminars.
Cyber & Data Security
- Acting for insurers in two cyber-attacks involving a major Australian company, which have been widely described as “crippling” and the “most significant in Australian corporate history.
- Acting for a services business in a highly sensitive ransomware attack, which had the potential to damage the business’ reputation with its professional services clients.
- Acting for an international not-for-profit organisation in a cyber attack that involved the theft and online publication of data.
- Acting for a government agency in multiple business email compromises, involving substantial data breaches requiring notification to individuals and third party organisations.
- Acting for a not-for-profit financial counselling service regarding an Office 365 cyber incident involving the exfiltration of more than 3,000 emails containing 1,000 personal records. The breach included sensitive information serious enough to warrant seeking an exemption from the OAIC for not notifying certain individuals given an increased risk to other clients.
- Advising both insurers and insureds on cover for first party hacker damage claims made by small to medium accountancy firms that have suffered ransomware attacks or business email compromises.
- Advising a major insurer on coverage issues arising from a breach, which resulted in cryptojacking by the hacker over an extended period of time.
- Acting for a government agency in a matter involving the theft of data from a zero day exploit, which included notifying the relevant regulator.
- Acting for a not-for-profit organisation that suffered the theft of physical documents containing sensitive personal information, which involved notifying the relevant regulator and individuals.
- Acting as the data breach and privacy lawyer advising an insured school. The matter involved the unintentional disclosure of the personal data collected and maintained on a number of students at the school, including sensitive health information requiring notification to the OAIC and parents.
- Cyber + Data Security
- Professional Liability
- Technology + Cyber
- Financial Institutions + Services
- Professions + Business Services
- Australian Insurance Law Association
- Australian Professional Indemnity Group
- Law Society of NSW
- NSW Claims Discussion Group