In today's interconnected world, virtually all companies, their suppliers and their customers are potential targets for cyber attacks. The risks associated with such incidents require a robust cybersecurity program in order to manage this fast-changing risk and remain in compliance.

Our global multidisciplinary team of lawyers and operational consultants advise on all issues surrounding cyber security, from building cyber resilience, through to incident response, and post-incident remediation, providing a holistic and tailored client service.

Risk mitigation - In order to ensure organizations are best placed to respond to an incident we help design and implement corporate governance structures to protect companies and their directors; offer privileged tools to assess risk and comply with evolving regulatory requirements; advise on developing and refining sound corporate policies and strategies to create and maintain a culture of security; and responsible supply-chain and vendor risk management techniques and contract support.

Incident response - We have helped clients through more than 800 security incidents globally. Our team can provide the experienced support you need 24x7 with confidence. We understand the legal and regulatory landscape in depth, having helped to draft almost all of the US data security and state breach notice laws and develop important best practices. We work as a cohesive team bringing a coordinated response to investigations and incidents on a worldwide basis.

Holistic approach - We combine technology, incident response, litigation, insurance and employment, and sector-adapted experience to give in depth support. We use round-the-clock communication protocols and a common methodology for immediate coordination and response. Wherever you may be, we can assemble an integrated team of the world's top cybersecurity technicians and lawyers, helping address your security problem, while cloaking those efforts in privilege (to the extent possible), anywhere in the world, within 24 hours of our first notification.

Global capabilities - Our team works together on a weekly basis and shares the same values and vision of client service. We provide a quick and consistent response to the cyber security needs of any organization. We match geographic and substantive breadth with depth, combining our technical knowledge of data protection, data risk and cyber security, cyber risk insurance policies, data transfer, records management, confidentiality, use of social media for business with practical experience and understanding of business imperatives.

Highly regarded - Our Cyber Security team was recently ranked by BTI Consulting Group among the Top 7 cyber security law firm practices. Many of our lawyers are recognized as leading individuals in their jurisdiction, and our global Data Protection, Privacy and Security practice is consistently recognized and top-ranked among our peers in the US, EU and globally by The Legal 500, Chambers & Partners, and other respected industry directories.

What we offer

We offer clients practical guidance through the cyber lifecycle, including:

Planning, design and preparation - building cyber resilience: our assistance includes ensuring clients have appropriate measures in place to manage cyber risk and respond effectively to a cyber-incident, preserving legal privilege and mitigating potential litigation and reputational risks. This includes bespoke training to relevant tiers of stakeholders, supporting the design of incident response plans and helping to lead "tabletop exercises" so that organizations refine and practice their plan to be able to respond swiftly and efficiently.

Incident response and investigations, including immediate access to forensic experts: our advice includes reporting obligations to the relevant supervisory data authorities and other relevant regulators, both civil and criminal. We regularly assist with strategic advice to contain and remediate adverse impacts on businesses, and protecting impact on a brand. We have pre-existing and trusted global relationships with forensic experts to assist with the response to any incident, ensuring swift and seamless instruction on a legally privileged basis, allowing immediate focus on mitigating the root causes of the incident. With over 180 privacy lawyers operating globally we regularly assist large organizations on multi-national compliance and regulatory obligations, ensuring continuity in response.

Post-incident remediation: we help clients to mitigate the impact of any claims or other liabilities resulting from the incident and to learn from the incident through post incident reviews and gap analyses. Our team includes employment, investigation and seasoned litigation lawyers that advise on a wide spectrum of issues relevant to data incidents, including third party claims and potential class actions; direct and officer liability; product / supplier liability; and, where relevant, employee disciplinary action.

Our insights

Rapid Response - From the moment a company learns about a potential breach of cyber security they should be armed with tools to respond quickly and effectively, while ensuring any action that is taken remains protected by legal privilege. Our 'Rapid Response' global crisis management hotline service provides 24-hour, 365-day access to regulatory legal advice and crisis assistance.

"In a Flash!" - A Lesson in Cyber Security - A dramatic film produced by DLA Piper, depicting a fictional corporation dealing with a number of real-world legal and regulatory issues, among them: cyber governance; cyber-risk management; security protocols; incident response plans; the corresponding legal and regulatory environment faced by board members, general counsel and senior business executives; and the delicate balance of managing internal investigations, reporting requirements and stakeholder interests.

Data Privacy Scorebox - Our online "scorebox" is designed to assist with assessing and benchmarking the data privacy maturity level of an organization. The complimentary tool takes the form of a survey which poses a series of questions relating to 12 areas of data privacy, such as storage of data, use of data, and customer rights. It takes no longer than half an hour to complete, with a range of multiple choice answers to select from. Once completed, a report is emailed which includes a visual summary of how the organization scored in relation to key global data protection principles, a practical action point check list, as well as peer benchmarking data.

Global Leaders