Mitigating the risks of, and responding to, cyber security incidents.

The scale and frequency of data breaches and cyber attacks suffered by UK organisations are quite staggering.

Data breaches can occur in a variety of ways from theft or loss of devices, to employee misuse or human error.  As cybercriminals become increasingly sophisticated and geopolitical instability remains, all UK businesses are potentially at risk from cyberattacks. Indeed, cyber attacks don’t have to come from organised cyber criminals - in fact, threats very often come internally from disaffected or departing employees.

There is no room for complacency for any organisation - mitigating the risks of a data breach or cyber attack, and ensuring that your business knows what to do should it become a victim, are fundamental.

Let us help

At Burness Paull, we understand how challenging and disruptive data compromises can be to businesses and the consequences that can flow from them. Whatever the nature, size or stage of the issue, we can help clients to manage data breaches or cyber security attacks or better still, work with them on preventative strategies to mitigate the risk of them occurring.

Our cyber security and data breach team has first hand experience of dealing with a wide range of data issues, from large scale cyber attacks to internal data losses resulting from employee actions. We understand the potential issues and how to deal with them quickly, practically and sensitively to ensure that the client’s legal, commercial and reputational interests are protected at every stage.

Burness Paull’s cross-practice cyber security and data breach team has wide-ranging experience across numerous practice areas, covering all the elements that a response to a data issue may require, including expertise in investigations, IP, commercial contracts, employment, public relations and follow-on litigation including class actions (also known as group claims in Scotland). We are also experienced at working alongside third parties providing specialist services, including forensic IT teams, counsel and PR advisers.

Key Contacts

What we do

Before a data breach or cyber attack:

We will work with clients to mitigate their risk of suffering data compromises, including:

• Risk assess their vulnerability to a data breach or cyber-attack
  
  
• Review and strengthen their cyber security software and protections, incident response plans, and internal training programme
  
  
• Advise on their cyber insurance policy & commercial contracts

During a data breach or cyber attack:

We will work with clients to manage the various stages of their response, including:

• Discovery: work to identify the breach and implement the incident response plans
  
  
• Triage: identify the nature and scale of the breach
  
  
• Analysis: assess the effect and impact of the breach, identify the root cause and determine how to eradicate the cause of the breach, the vulnerabilities that led to the breach and remediatory steps
  
  
• Notification: assess who should be notified and agree on a strategy for engagement with relevant third parties, including data subjects, insurers, commercial partners, regulators and law enforcement
  
  
• Remediation: contain and end the threat, repair any damage and restore operational systems
  
  

After a data breach or cyber attack:

We will work with clients to manage the after-effects of a data compromise, including:

• Follow-on issues: advice on any potential follow-on technology, IP or data misuse issues, legal claims or commercial contract issues
  
  
• Prevention: work to reassess their vulnerability to further data compromises and mitigate the risk of further issues arising in the future

Related Practices

Related News, Insights & Events