Cyber Security

One of our key assets as a team is our global reach.

We have one of the longest-standing privacy and cyber security teams in Europe and have been advising clients since the inception of data protection laws more than 30 years ago.

Linklaters' internal privacy network spans 14 jurisdictions across Asia, the U.S. and Europe, while our wider network of independent privacy specialists covers over 100 countries.

We have frequent contact with the European Commission, the UK Treasury, Home Office and other government departments, the U.S. Department of Financial Services, the U.S. Secret Service, The Federal Bureau of Investigations and the U.S. Department of the Treasury, as well as data protection regulators around the world. These relationships mean that should an incident occur, we have the connections in place to support our clients as required.

Clients benefit from our deep experience of advising on:

Some of the most serious hacking and data breach crises in the last decade.
Effective cyber crisis preparedness - through training, incident response planning, and risk management strategies.
Governance and resilience arrangements - helping clients review and put appropriate governance structures in place.

Crisis Response

The right legal adviser can be pivotal to effectively managing and containing issues like cyber incidents and thinking ahead before a crisis hits: this is as much about prevention as cure.

We have assisted clients with investigations surrounding the circumstances of a hack or serious cyber incident in which our swift intervention and analysis of the facts meant that there was no need to notify either their customers or regulators. As a result, these instances remain out of the public domain. We worked closely with the client teams to reach a final resolution that didn’t damage their reputation and avoided any form of litigation.

We are also experienced in situations where both regulators and customers have had to be notified of a breach or incident. In these cases, we have provided full support and advice on who to tell about the breach and when. This ensured that information become public knowledge only when absolutely necessary, in a manner that ensured the story was carefully and consistently messaged.

In the event of a potential breach, our team is able to:

Act as the core custodian of the facts (typically under legal privilege)
Ensure the right information is available to decision makers, including valuable cyber threat intelligence before an incident occurs
Ensure an accurate and consistent narrative is provided throughout by PR and communications representatives
Support and assist with any internal investigations
Advise on securing and recovering data, including by unorthodox means
Provide necessary legal advice as to the board and management’s reporting responsibilities with an eye to collateral impacts (for example in updating markets)
Liaise with relevant regulators and law enforcement officials across multiple jurisdictions
Advise on dealing with potential claims

Prepare and Recover

Our team can also assist with putting in place governance and training to help reduce the impact of cyber incidents by:

Advising on effective incident response planning and testing, based on our experience in major incidents
Delivering board level scenario training and wider organisational training
Assisting with effective vendor risk management including designing procurement and audit processes
Advising on wider privacy compliance issues

Loading component...

Our experience

Advising a range of clients

On all aspects of their cyber preparedness, including risk assessments, policies and procedures, third party mitigations, Board briefings, war games and more.

Advising Capita

(As replacement counsel) on all aspects of its very high profile data incident.

Advising a multinational jeweller

With its response to a ransomware attack which saw confidential details of employees and clients (some of whom were extremely high-profile individuals) shared on the dark web.

A global regulated organisation

On the response to the largescale compromise of commercially sensitive and personal information in over 140 countries (including on related injunctions and criminal proceedings).

A supplier to the NHS

On one of the largest UK losses of sensitive personal data, involving over a million records. Due to quick mitigations, no regulatory action was taken and the client wasn't obliged to notify individual data subjects.

A global IT provider

On the unauthorised extraction of thousands of individuals personal account details (log in details, passwords, burglar alarm codes) by a disgruntled employee with previously undiscovered extremist sympathies.

A number of global U.S. based financial institutions

On their notification strategies with data protection authorities related to the loss of back-up tapes being transported by subcontractors to long-term storage, some involving millions of UK customer details.

A German bank

Before the competent data protection supervisory authority regarding an alleged large-scale unauthorised data loss.

An information service company

On the loss of millions of sets of personal data due to a hacker attack and preparing the defence before the competent data protection supervisory authorities.

Loading component...

Related Expertise

Artificial Intelligence

Artificial intelligence (AI) has the potential to change our lives, our planets and the face of industry irrevocably. But that potential also brings with it unknown risks.

explore

Data

Our experienced global Data team advises on all aspects of data, including on privacy, "big data", confidentiality, secrecy, IP rights, commercialisation, cyber and crisis response.

explore

digital regulation and tech projects_architecture_building_windows.jpg

Digital Regulation and Technology Projects

Working within a leading, global, full-service firm also enables us to deliver multi-disciplinary teams that provide consistent and coherent global advice.

explore

Loading component...

Cyber Security Handbook

Download this essential handbook to gain practical insights on in-house counsel’s role in cyber security.

Read our guide

Loading component...

Meet our global cyber specialists

Adam Lurie

Head of the Litigation, Arbitration & Investigations Practice in the United States and the Americas, Partner, Washington, D.C. and New York

United States

Adrian Fisher

Partner, Asia Head of Technology, Media and Telecoms, Singapore

Singapore

Alex Roberts

Partner, Head of China TMT, Co-Head of Games and Interactive Entertainment, Shanghai

Mainland China

Caitlin Potratz Metcalf

CIPP/US, Senior Associate, Washington, D.C.

United States

Ceyhun Pehlivan

Co-Leader TMTIP, Madrid

Spain

Dr. Daniel Pauly

German Head of TMT, Partner, Frankfurt

Germany

Georgina Kon

TMT Partner, London

United Kingdom

Greg Palmer

Technology, Media and Telecoms Partner, London

United Kingdom

Guillaume Couneson

TMT Partner, Brussels

Belgium

Ieuan Jolly

Partner & Chair: U.S. Technology, Media and Telecoms/Intellectual Property and Data Solutions, New York

United States

Richard Cumbley

TMT Partner, London / Dublin

United Kingdom

Sonia Cissé

TMT Partner, Paris

France

Tom Cassels

Litigation, Arbitration & Investigations Partner, London

United Kingdom

Loading component...

We have one of the longest-standing privacy and cyber security teams in Europe and have been advising clients since the inception of data protection laws more than 30 years ago.

Linklaters' internal privacy network spans 14 jurisdictions across Asia, the U.S. and Europe, while our wider network of independent privacy specialists covers over 100 countries.

Clients benefit from our deep experience of advising on:

Some of the most serious hacking and data breach crises in the last decade.

Effective cyber crisis preparedness - through training, incident response planning, and risk management strategies.

Governance and resilience arrangements - helping clients review and put appropriate governance structures in place.

Crisis Response

The right legal adviser can be pivotal to effectively managing and containing issues like cyber incidents and thinking ahead before a crisis hits: this is as much about prevention as cure.

In the event of a potential breach, our team is able to:

Act as the core custodian of the facts (typically under legal privilege)

Ensure the right information is available to decision makers, including valuable cyber threat intelligence before an incident occurs

Ensure an accurate and consistent narrative is provided throughout by PR and communications representatives

Support and assist with any internal investigations

Advise on securing and recovering data, including by unorthodox means

Provide necessary legal advice as to the board and management’s reporting responsibilities with an eye to collateral impacts (for example in updating markets)

Liaise with relevant regulators and law enforcement officials across multiple jurisdictions

Advise on dealing with potential claims

Prepare and Recover

Our team can also assist with putting in place governance and training to help reduce the impact of cyber incidents by:

Advising on effective incident response planning and testing, based on our experience in major incidents

Delivering board level scenario training and wider organisational training

Assisting with effective vendor risk management including designing procurement and audit processes

Advising on wider privacy compliance issues