Cyber is a rapidly growing and evolving risk that impacts all organisations in Australia. Understanding cyber risk and taking steps to mitigate it can be critical for an organisation’s financial well-being and reputation. To achieve this, organisations need to be prepared for a cyber incident, know how to respond effectively if an incident occurs and understand their regulatory obligations.

Our leading cyber team can assist you in relation to all aspects of cyber risk. Our team is comprised of lawyers who have acted for or advised hundreds of organisations in connection with Australian and multinational cyber security and data breach incidents, including on some of Australia’s largest and most high-profile matters. These organisations have included large ASX-listed companies, corporates, SMEs, insurers and insureds.

Our services include:

  • HW Rampart, which involves acting as an incident response provider/breach coach in the event of a cyber security incident or data breach and holding the hand of an organisation to ensure an effective response;
  • managing the engagement of our network of leading cyber security and other experts where necessary to respond to an incident;
  • providing privacy and other legal advice in respect of actual or suspected data breaches or security incidents, including drafting notifications to and engaging with the Office of the Australian Information Commissioner, other regulators and individuals affected by data breaches;
  • providing advice on communications with third parties, including the organisation’s leadership team, customers, employees and the public;
  • defending or bringing litigated claims in connection with cyber incidents, particularly in relation to ransomware attacks, data breaches, social engineering fraud and system outages;
  • advising on cyber insurance coverage; and
  • providing pre-incident and post-incident advisory services to executives, boards and key individuals within organisations regarding cyber risk and responding to incidents.


Our team's experience includes:

  • acting as incident response manager and legal advisor for a multinational publicly-listed financial services company in connection with a major data breach. The matter involved directing a forensic investigation into the data breach and advising on legal obligations with various regulators including the OAIC, ASIC and APRA. Based on the forensic investigation, the organisation was able to take remedial steps to avoid the reputational damage associated with a widespread public notification.
  • acting as incident response manager and legal advisor to a client who provides technology and data services to local governments and universities following discovery of an incident involving an experienced nation-state threat actor. The matter included directing leading IT cybersecurity experts to investigate the source and eradicate the threat, a voluntary notification to the OAIC and handling queries from key third-party customers. The client was able to continue its business with little disruption and its loss was minimised. This success can be attributed to identifying and engaging the right experts, and open and collaborative dealings with the OAIC.
  • acting for various organisations in disputes relating to social engineering fraud after a hacking incident, which resulted in an invoice being fraudulently altered and money being inadvertently paid to a threat actor.
  • acting for insurers providing cyber insurance policy advice for a large number of claims and in respect of a wide range of coverage issues.
  • board and executive training on a variety of topics, including:
    • claim trends and key risks;
    • how to best manage and respond to an incident, including incident response planning;
    • simulated incidents, primarily for ransomware, data breaches, business email compromise and social engineering fraud;
    • regulatory developments associated with cyber;
    • data retention obligations and policies;
    • contractual obligations arising from a network security incident or data breach; and
    • communications and reputational risk assessments.

Key contacts

Eden is a leading cyber, privacy, disputes and insurance lawyer who heads the Hall & Wilcox cyber practice.

Alison has more than 20 years’ experience in a wide-ranging employment and privacy practice.

John is a corporate lawyer specialising in technology and IP law, particularly for IT, telecommunications and media clients.

Sumith Perera

Chief Operating Officer


Sumith is the Chief Operating Officer and the national Head of Corporate Services at Hall & Wilcox.

Related thinking

Cyber | 10 May 2022

AFSL holders on notice for cybersecurity failings

AFSL holders should be aware that cybersecurity protocols are now a core obligation in the provision of financial services following a Federal Court case.

Cyber | 22 Apr 2022

Primary targets – cyber risk in the health, aged care and community sectors

The health and aged care sectors are arguably the primary target for cyber criminals in Australia. Read why and how you can protect your organisation.

Cyber | 07 Apr 2022

In the middle of a chain reaction: mitigating cyber-risk in the retail and FMCG sector

The focus by cybercriminals on the retail and fast-moving consumer goods sector is a problem exacerbating the challenges already posed by delays within the supply chain. What can companies in this sector do to mitigate the risk?

Cyber | 10 Mar 2022

Day zero – time to prioritise cybersecurity

With the increase in cybercrime and the hardening of the cyber-insurance market, it is more important than ever for companies to be informed of current trends and ensure that they have good cyber security hygiene.