London EC4A 3TW
Data is a key asset of most businesses, whether it is commercially sensitive information, intellectual property, personal data or big datasets. Almost all of that data is now held in electronic format, and new data is being created at exponentially greater rates than ever before. The General Data Protection Regulation, with the potential for significant fines for data breaches, mean that senior management should be focusing more than ever on data security.
The vast majority of businesses will suffer data breaches at some point. With the increasing interconnectedness of networks and devices, the sophistication of businesses, the way that data is managed and transferred, and the sophistication of attackers, data breach is an inevitability, not a possibility. Our specialist cybersecurity and data breach response team has over 15 years’ experience in helping businesses of all sizes with:
In our experience, the businesses that manage a breach well are those that prepare properly in advance. This process starts earlier than breach preparation. Taking steps to identify and protect the right data, and understand the potential risks attaching to that data, is crucial. Our cybersecurity team works with clients to guide them through this process.
The next step is preparing for the crisis management situation that is a data breach. Our specialist team works with clients to develop breach response plans that are tailored to the risks that business faces. We then work with clients on breach response exercises and refinements to the plan after those exercises.
When a client suffers a breach, we are often called in to provide urgent crisis management assistance, to manage and co-ordinate the breach response process, and to advise on legal and regulatory risk. This often requires decision-making on the basis of limited and incomplete information. Our long history of advising on data breaches of all sizes means that we have the experience to help clients to make the right decisions to minimise.
After a client has suffered a breach, we assist with remediation work and changes to data governance systems and controls, to minimise the likelihood of regulatory action and future breaches.
We also assist clients in assessing and understanding third party risk. We are increasingly called on by clients to help them identify and assess supplier or outsourced provider security risk. We then advise the client on ensuring that appropriate contractual mechanisms are in place to protect our client as far as possible to put the client in the best position possible if a supplier or outsourced provider has a breach.