Cyber Spotlight
Calm amid the storm  

As the demand for cyber support grows globally, the cohort is growing exponentially and includes an increasingly high proportion of women cyber leaders (e.g. four-fifths of our dedicated cyber team in Australia). This is a critical development as we build capability and leadership in this space. 

Putting the firm in the position to assist clients effectively – where speed is invariably of the essence – has involved establishing relationships with clients such that the firm is on standby to help with the response and to help bring about a resolution, no matter how challenging that might be. That, in turn, requires having in place trusted third party relationships with forensic incident response consultancies, public-relations consultancies and the like so the firm can act as a one-stop-shop, if that is what a client requires. 

Cameron says, “Unlike other firms, we have a practice that is truly dedicated to cyber. Our clients are getting the benefit of our expertise not just because we can bring excellent legal advice but also a level of strategic advice which they would not be able to get from other legal advisers who are doing this as a part-time practice. This dedicated practice is a key defining feature and our clients are recognising this.” 

A strong feature of the practice is the firm’s approach to data breach analytics, with the help of AI and other digital tools. Where large volumes of unstructured data are compromised in an incident, data breach analytics is required to identify, as quickly as possible, which data is the most sensitive in order to develop an appropriate strategy to notify affected individuals, regulators or take other necessary action. Andrew explains: “HSF has developed a proprietary toolset and workflow that combines its global and multidisciplinary cyber crisis response practice and the firm’s global Digital team with proprietary tooling to get to the heart of the affected data. Put simply, the firm gets the technology to tell it what is in the documents and to “top slice” the most important material for prioritised review”. 

Not just a lawyer 

Cyber is a practice unlike any other. Quite apart from the complexity of the law and the (increasing number of) regulations, cyber incidents are often accompanied by personal threats to individuals and their families. This poses a real conundrum for companies – making a business decision inherently personal. The lawyers in the team rise to challenges beyond their profession, becoming astute diplomats, strategic advisers and crisis managers, often at a c-suite and board level. 

“We’ve dealt with threats to directors and company staff and helped our clients navigate a risk which is so much more than just a business risk,” says Cameron. “It’s very personal and, often, an intensely emotional experience for the executives.”

The ransomware threat emanates from multiple threat actors across the globe. The firm is then required to advise clients on threat actor engagement, in conjunction with professional third party negotiators. “Our team is often put in positions that many other lawyers would never think of getting close to, let alone think existed,” Cameron says. 

The experienced practitioners in the HSF cyber practice exude calmness. “We are obviously empathetic,” says Andrew, “but it doesn’t help at all to resolve the crisis if that begins to influence the decisions and advice being given. We have to retain an objectivity.” Andrew adds, “Our clients expect us to provide good legal advice, but also to be the calm amid the storm.” 

It would be fascinating to divulge some cases to illustrate the sorts of situations that the firm helps to resolve, but invariably much the cyber practice does is highly sensitive. High-profile businesses want the dust to settle on incidents as quickly as possible, and certainly don’t want it revealed if they have paid a ransom. 

And of course, insurance companies are reluctant to reveal how much they pay out in insurance claims. An article in The Economist recently said that in 2022, insurance companies paid out a total of US$4 billion. 

Notably, HSF provides a ‘trusted adviser’ model, supporting clients before, during and after an incident. While HSF services are often covered by insurance, the firm does not work directly on insurance panels. This independence is key. As Andrew explains, “If the firm were to be on these panels, we may be obliged to act in the best interests of the insurer or in a way where our independence is potentially compromised. Insurer interests are not always aligned with our clients’ best interests. We’d also be obliged to share information with insurance companies, who naturally try to pay out as little as possible. We therefore took the decision, in the best interests of our clients, not to be on insurer panels.” 

There is lots the HSF cyber team do to help clients before incidents occur too. Legal incident response plans help the in-house legal teams understand their role during incidents. The team will also run simulation exercises to help socialise the issues and decisions clients will need to make during typical incidents. Clients also commonly request advice on corporate governance, regulatory compliance and personal liability that can arise from incidents. 

One thing is absolutely certain, Andrew, Cameron and the team will have their work cut out for years to come.