GWLG-RGB-Positive-logoGWLG-RGB-Reverse-logo
Who we are
What we do
Our people
Insights
Topics
  1. Gowling WLG
  2. > Services
  3. >
    Cyber Security and Resilience

Cyber Security and Resilience

Privacy & Cyber Security - Category Page - website - banner - image

Be ready for any scenario

Cyber attacks and data incidents can seriously affect your operations - whether you're experiencing a cyber attack or there's been an unintended data breach or failure in your technical systems or processes - you need to be prepared in advance. Preparing for "when" not "if" is the reality that businesses must face. The risk of financial loss and reputational damage is real and your cyber security lawyers need to be ready for anything.

Resilience in adversity is key when tackling a cyber or data incident. We anticipate threats and focus on preparing you for when the worst happens. Working as part of your team, we help you to put measures in place to protect your data, supply chain and assets, maintain functionality, protect your reputation and bounce back quickly. Implementing measures in "peace time" will ensure downtime is minimised and you can get back to business.

We're here to help

Whether it's a cyber incident, data breach or related litigation, we're ready to get stuck in. We'll work as an extension of your Incident Response team to help you make practical and legal decisions. From BCC/CC issues and failure/lack of IT security controls to phishing attacks and ransomware threats, we won't be phased. We'll stay calm and take a pragmatic approach.

On call 24/7, our team is always ready to pick up the phone and help you through our Cyber Incident Response Hotline. You'll never be dealing with a breach (or its aftermath) on your own. We're there every step of the way. From the moment you detect a breach, our team will bring a specialist skillset and a solutions-based approach to help you succeed in the face of any challenge.

Always in your corner

Even after a breach, we're here to fight your cause, managing difficulties and mitigating further losses. We'll work to recover any financial losses and keep a lid on any incident, so your reputation stays intact. Plus, we'll anticipate and deal with claims or disputes from data subjects, third party contractors and other complainants. If a regulatory investigation is required, we'll be on hand to support you through the process.

Cyber attacks and data incidents can seriously affect your operations - whether you're experiencing a cyber attack or there's been an unintended data breach or failure in your technical systems or processes - you need to be prepared in advance. Preparing for "when" not "if" is the reality that businesses must face. The risk of financial loss and reputational damage is real and your cyber security lawyers need to be ready for anything.

Resilience in adversity is key when tackling a cyber or data incident. We anticipate threats and focus on preparing you for when the worst happens. Working as part of your team, we help you to put measures in place to protect your data, supply chain and assets, maintain functionality, protect your reputation and bounce back quickly. Implementing measures in "peace time" will ensure downtime is minimised and you can get back to business.

We're here to help

Whether it's a cyber incident, data breach or related litigation, we're ready to get stuck in. We'll work as an extension of your Incident Response team to help you make practical and legal decisions. From BCC/CC issues and failure/lack of IT security controls to phishing attacks and ransomware threats, we won't be phased. We'll stay calm and take a pragmatic approach.

On call 24/7, our team is always ready to pick up the phone and help you through our Cyber Incident Response Hotline. You'll never be dealing with a breach (or its aftermath) on your own. We're there every step of the way. From the moment you detect a breach, our team will bring a specialist skillset and a solutions-based approach to help you succeed in the face of any challenge.

Always in your corner

Even after a breach, we're here to fight your cause, managing difficulties and mitigating further losses. We'll work to recover any financial losses and keep a lid on any incident, so your reputation stays intact. Plus, we'll anticipate and deal with claims or disputes from data subjects, third party contractors and other complainants. If a regulatory investigation is required, we'll be on hand to support you through the process.

0330 057 7071 - Cyber Incident Response Hotline

On call 24/7, our team is always ready to pick up the phone and help you through our Cyber Incident Response Hotline.

Cyber Incident Response Hotline - CTA

Cyber security law firm for any situation

Get immediate access to first class support to strengthen your cyber resilience and respond effectively to cyber threats. From prevention through to incident management and post incident support – we've got you covered with our tailored service.

Supply chain management and contract review

Our ready-made questionnaire is a valuable tool to help you manage and mitigate cyber risks across your supply chain by facilitating understanding of the technical security measures and organisational controls your suppliers have in place. We can help you identify gaps and raise red flags where suppliers are not meeting industry and/or contractual standards.

We also provide contract reviews that take a comprehensive look at your cyber protections and liability position under third party supplier contracts. If something's not quite right, we'll help you to renegotiate and boost your contractual protections.

Supply chain management and contract review

Our ready-made questionnaire is a valuable tool to help you manage and mitigate cyber risks across your supply chain by facilitating understanding of the technical security measures and organisational controls your suppliers have in place. We can help you identify gaps and raise red flags where suppliers are not meeting industry and/or contractual standards.

We also provide contract reviews that take a comprehensive look at your cyber protections and liability position under third party supplier contracts. If something's not quite right, we'll help you to renegotiate and boost your contractual protections.

Preparing for an incident

Preparing for an incident

We'll help you develop an effective cyber incident response plan. This can either be bespoke or using one of our ready-made plans that can be used out of the box or adapted to fit your needs. We can also conduct a legal review of your incident management policies and processes. We'll guide you through the creation of and implementation of data breach and other policies which help you mitigate and manage risks associated with cyber and data incidents.

War gaming is a great way of getting your team prepared for an incident. We offer 'dry run' exercises which simulate under time constraints the outcome of a successful cyber attack. As well as simulations, we provide training to help increase awareness and engagement of key cyber security issues.

Cyber insurance: know your policy

Cyber insurance: know your policy

Our specialist Insurance team can help review the adequacy of the cyber protection in your current insurance programme and assist you in procuring a bespoke insurance policy that best suits your needs. If an incident happens, we can help you through the claims process to engage in a co-operative relationship with insurers and ensure you don't fall foul of any policy terms and conditions.

Cyber crises management

Cyber crises management

If a cyber incident occurs, we'll be there to help you make swift but considered decisions. We'll be on hand to help you act within strict timescales. From internal and external investigations to remedial steps and media crisis management, we're on hand to support you.

Personal data breach management

Personal data breach management

Whether it's working with your data protection officer, information security teams and other parts of your business to investigate breaches or helping you to satisfy reporting obligations within tight timescales, our team becomes your team. We'll draft all necessary communications and notifications with an eye to protect you from any future litigation or investigation and minimise reputational damage.

Litigation

Litigation

Our team has a track record of successfully defending mass data breach claims and recovering damages equivalent to all losses arising from a cyber incident. From helping you to pursue a threat actor, to working with forensics teams and recovering damages, we cover all aspects of litigation linked to cyber security and data protection. We'll assess the facts, your business objectives and the defences or claims available to you, all with a view to advising your business on a strategy that aligns with its goals and priorities.

Post-incident

Post-incident

We're here to support you from beginning to end; that means the support continues even after the immediate aftermath has been dealt with. We'll work with you to explore the lessons learned following a cyber or data incident and help you to create useful resources that help improve your defences and processes. Legal privilege sometimes provides good protection in relation to documentation, but we can advise further and specifically on this.

Cyber security legislation, guidance and policy compliance

Cyber security legislation, guidance and policy compliance

We advise industry and government bodies on the application and impact of recent changes to cyber security legislation in the UK. We can also support with cyber security compliance projects in jurisdictions outside of the UK including the EU. Our team helps clients navigate these updates, offering clear guidance on their impact on business operations. We also support compliance efforts by providing practical checklists to assist with gap analysis for current and future products.

You're secure with us

"The firm is regularly sought after for its ability to handle high-stakes contentious matters regarding software licensing. It works for an impressive roster of clients, ranging from startups to FTSE 100 companies in a variety of sectors from financial services to retail."

Chambers UK 2024

Our Technology team is ranked highly by industry directories. Principal Associate Amber Strickland was also recognised by The Legal 500 (2022) for her work, with one testimonial saying, "(she's) all over the detail of the case, anticipating issues before they arose and working out practical ways to resolve them".

Work highlights

Because of the nature of our work, the clients involved in the following examples of our work are confidential.

Cyber security - Client work - Cyber security practices

Cyber security practices

Cyber security practices

Advising on a pension scheme's overhaul of cyber security practice. The work included devising a bespoke Cyber Incident Response Plan and designing a bespoke war gaming exercise, as well as a contract review of all cyber security provisions.
Cyber security - Client work - Data breach

Data breach

Data breach

Advising a multi-national company on a data breach affecting data subjects in multiple jurisdictions, including technical exemptions and notifying the ICO.
Cyber security - Client work - Cyber attack 1

Cyber attack

Cyber attack

Advising the victim of a business email compromise fraud perpetrated through a cyber attack via a third-party service provider, including incident response, engagement with the police and regulators and a claim/strategy to recover losses. All losses and legal fees were recovered in full.
Cyber security - Client work - Cyber attack 2

Cyber attack

Cyber attack

Advising on the response following a cyber attack resulting in compromised financial data, including the client's contractual rights to resist disclosure to protect their reputation and data.
Cyber security - Client work - Cyber security practices

Cyber security practices

Cyber security practices

Advising on a pension scheme's overhaul of cyber security practice. The work included devising a bespoke Cyber Incident Response Plan and designing a bespoke war gaming exercise, as well as a contract review of all cyber security provisions.
Cyber security - Client work - Data breach

Data breach

Data breach

Advising a multi-national company on a data breach affecting data subjects in multiple jurisdictions, including technical exemptions and notifying the ICO.
Cyber security - Client work - Cyber attack 1

Cyber attack

Cyber attack

Advising the victim of a business email compromise fraud perpetrated through a cyber attack via a third-party service provider, including incident response, engagement with the police and regulators and a claim/strategy to recover losses. All losses and legal fees were recovered in full.
Cyber security - Client work - Cyber attack 2

Cyber attack

Cyber attack

Advising on the response following a cyber attack resulting in compromised financial data, including the client's contractual rights to resist disclosure to protect their reputation and data.
Cyber security - Client work - Cyber security practices

Cyber security practices

Cyber security practices

Advising on a pension scheme's overhaul of cyber security practice. The work included devising a bespoke Cyber Incident Response Plan and designing a bespoke war gaming exercise, as well as a contract review of all cyber security provisions.
Cyber security - Client work - Data breach

Data breach

Data breach

Advising a multi-national company on a data breach affecting data subjects in multiple jurisdictions, including technical exemptions and notifying the ICO.
Cyber security - Client work - Cyber attack 1

Cyber attack

Cyber attack

Advising the victim of a business email compromise fraud perpetrated through a cyber attack via a third-party service provider, including incident response, engagement with the police and regulators and a claim/strategy to recover losses. All losses and legal fees were recovered in full.
Cyber security - Client work - Cyber attack 2

Cyber attack

Cyber attack

Advising on the response following a cyber attack resulting in compromised financial data, including the client's contractual rights to resist disclosure to protect their reputation and data.
Cyber security - Client work - Cyber security practices

Cyber security practices

Cyber security practices

Advising on a pension scheme's overhaul of cyber security practice. The work included devising a bespoke Cyber Incident Response Plan and designing a bespoke war gaming exercise, as well as a contract review of all cyber security provisions.

Key contacts

Patrick Arben

Patrick Arben

Partner

Birmingham
Amber Strickland

Amber Strickland

Principal Associate

Birmingham
Saha Dehsheykhi

Saha Dehsheykhi

Senior Associate

Birmingham
Sarah Gray

Sarah Gray

Senior Associate

Birmingham
View our team
Privacy & Cyber Security - Category Page - in-page

Related services

Data ProtectionCommercial Disputes and LitigationDispute Resolution & LitigationInsurance and ReinsuranceTechnology Law

Related sectors

AutomotiveEnergyFinancial Institutions & ServicesGovernment Contracting & Public SectorHealth & CareReal EstateTech

Subscribe for updates

Sign up to receive insights on the latest legal changes and developments

Subscribe

Stay connected

  • Email icon - White
  • LinkedIn logo - white
  • X Twitter logo - white
  • Facebook logo - white
  • YouTube logo white
  • Instagram logo - white
gowlingwlg

Gowling WLG is an international law firm comprising the members of Gowling WLG International Limited, an English Company Limited by Guarantee, and their respective affiliates. Each member and affiliate is an autonomous and independent entity. Gowling WLG International Limited promotes, facilitates and co-ordinates the activities of its members but does not itself provide services to clients. Our structure is explained in more detail on our Legal Information page.

PeopleSectorsServicesClient solutionsInsightsNewsClient work
TopicsEventsCareersWho we areGlobal reachCorporate responsibilityContact us

© 2025 Gowling WLG All rights reserved.

Legal information
Privacy statement
Accessibility
Terms of use
Cookies
Sitemap
Regulatory information
Modern slavery statement
UK pay report
Terms and conditions of purchase
UK tax strategy
How we use artificial intelligence (AI)
Fraud alert