Cyber crime is an ever-present threat to businesses globally. Our cyber and technology law specialists work strategically with clients to minimise threats and to reduce the impact if an attack occurs. We can also help you seek compensation for any losses suffered as a result of cyber attacks.
Cyber security should be taken seriously by every business. Cyber security threats almost every element of your business.
We:
Help you put in place the strategy and processes required to tackle head-on the threats posed by cyber security breaches and attacks
Advise on your legal responsibilities and potential liabilities
Reduce the possibility for regulatory fines and reputational and other damage to your business by training your staff and ensuring any attack is dealt with swiftly and appropriately
Help you recover any financial damage where possible
The law in this area develops quickly – a necessary response to the fast pace of technological development. We are legal experts, providing the most up to date, practical regulatory advice to businesses across all sectors here in the UK and internationally.
Our work includes:
Advising on hosting agreements – including advice on service levels and liability for security breaches
Development of internal policies and procedures for system security
Provision of data protection and cyber security training for staff
Advice on how to prevent cyber attacks
Urgent data breach response advice
Assistance with breach investigations
Advice on cyber security provisions in external contracts, agreements and agreements with consultants and external stakeholders
UK GDPR and related legislation compliance advice
Investigating attacks and identifying attackers – we take all action necessary through the courts to protect your business and employees, recovering compensation where available
Engaging with ISPs to ensure content removed where appropriate, obtaining injunctions and disclosure orders where necessary
We can also assist whatever the nature of the risk you face, be it hacking, identity fraud, denial of service attacks, harassment by electronic means or phishing.
As cyber threats continue to proliferate, having a tailored cyber security strategy in place is now a commercial priority. At DMH Stallard we help businesses devise commercial strategies and security policies that help minimise the risks to the business. This can be a long-term process, including educating and training staff so that there is a high level of awareness across the business about the risk of cyber threats. It also involves advising on how a business interacts with its customers and clients and what it should do when entering into binding commercial agreements with third parties.
A key part of any cyber security strategy will be a cyber or information security policy that embeds cyber security best practice across your organisation. All employees must adhere to the policy and proactively act in accordance with its requirements.
The goal of any effective cyber security strategy is to reduce the risk that your business will be attacked in the first place. It’s also to ensure that if an attack does occur you have the tools available to deal with it in a way that minimises the financial and reputational impact.
Yes. In many respects the implementation of cyber security measures is the technical way you ensure compliance with the UK GDPR regime. At DMH Stallard we work with clients to ensure their cyber security and data protection systems work in tandem with GDPR requirements. We’ll also ensure your approach is a proportionate response to potential cyber attacks and to your organisation’s specific obligations under UK GDPR.
Remember not all GDPR regulations will apply to your business. Do you actually handle personal information for example? We can assist with conducting internal audits to establish your GDPR obligations and identify potential cyber threats. We can then advise on and draft policies and procedures to implement appropriate cyber and data protection policies.
In the absence of an effective hosting agreement, it’s sometimes complicated to establish the liability of hosting providers, whether the hosting is provided on shared or dedicated servers or is carried out under a co-location contract. Difficulties arise when there are security breaches or unacceptably low service levels. Often it will come down to the terms of the relevant hosting agreement and what the business agreed to under those terms. In our experience these will often limit the host’s liability in line with its standard terms and conditions and therefore we would need to work with you to see what protection there may be under the agreement terms and if there is none or little, how else we could assist you to improve your position.
We can advise you on:
Any proposed hosting agreement for your business, assessing whether the provisions being offered are adequate for your business and what is in place relating to the service levels and data protection obligations
Liability for security breaches including hosting of indecent or defamatory content or material which infringes a third party’s intellectual property. It’s crucial to include provisions that deal with the host’s liability in circumstances where your site security is breached because the host’s cyber security is insufficiently robust
Our dispute resolution solicitors can provide you with guidance on the most effective way to deal with a dispute to minimise any economic or reputational damage to your business, including advice on the various methods of alternative dispute resolution (ADR).
Cyber attacks and data breaches are now a major concern for businesses. If not handled correctly the economic and reputational damage to an organisation can be significant. There is also the risk of substantial regulatory fines. When you do suffer a data breach you should be able to rely on the protocols you have in place to respond appropriately. A large part of our cyber and data security work involves helping businesses lay the groundwork for a data breach response. There are a number of things to consider in the event of a breach:
First, make your response measured and proportionate. Data breaches are not uncommon. Government statistics covering 2023 indicate that 32% of small businesses, 59% of medium businesses and 69% of large businesses experienced breaches or attacks in the preceding 12 months. This can come at a huge cost and major disruption to the business.
Not every breach will result in formal action being taken against you by the Information Commissioner’s Office (ICO), and not every breach has to be reported to the ICO. You only have to notify the ICO of a breach if it is likely to result in a risk to the rights and freedoms of individuals. So, a lot of the actions you take when you become aware of a breach are concerned with assessing the risk the breach poses to individuals, managing that risk and deciding whether you need to report the breach or not.
Under UK GDPR rules if the breach is one that is reportable you must report it to the ICO within 72 hours. You should immediately start to gather information about the breach, recording what happened, who was involved and what actions you’ve taken.
Try to minimise the impact of the breach. Can you recover the data? Can systems be shut down or access limited? What steps can you take to protect individuals who will be affected by the data breach?
Assess the risk of harm to those affected bearing in mind issues such as safeguarding, identity theft and personal distress that may be caused by the leaking of personal data. Remember a data breach might carry a low level of risk, but some breaches may carry very high risk on individuals. Where there is a higher level of risk you should proactively inform individuals of what’s happened and provide information to those individuals about the steps they can take to protect themselves.
Reacting to a breach in the correct way is crucial. We can offer advice where necessary to ensure you meet your obligations under UK GDPR, liaise with the ICO on your behalf and take the necessary steps to inform those individuals who have been affected.
Just great service; in terms of communication and delivery. Great turnaround as well in very challenging circumstances.
Legal 500 UK 2020
The Cyber team at DMH Stallard offers the support needed for dealing effectively with damaging DDoS attacks. They understand the complexity and proliferation of cyber threats, the law, and respond at the speed needed to support our international clients.
D Brownfield, CEO, Redspam, Managed DDoS Monitoring & Mitigation Services
They have taken the time to get to know the business on multiple levels; our market, our pressure points, our culture and structure.
Legal 500 UK 2021
Chambers & Partners UK 2024
Legal500 2023 Leading Firm
Meet the team
Our cyber security specialists advise business across all sectors on their legal responsibilities under cyber security regulation and provide urgent, critical support in the event of a cyber attack.
Advising client whose supplier was subject to a ransomware attack. We act for a client in relation to the provision of IT Services from a supplier, who was subject to a ransomware attack leading to repercussions for our client. We are advising our client on their rights and potential claim to damages.
Advising retail solutions provider on cyber and data protection issues
Advising client on structure of framework contracts, master services arrangements and IT solutions, including data protection structure and processing provisions. Advising on international data transfers agreements, use of SCCs/International Data Transfer Agreement and Transfer Risk Assessment for adhering to technical and organisational and other data security measures.
Legal support to airline technical solutions provider
Advising on provision of SaaS service and data processing arrangements, including cross-border data transfer arrangements for airlines in different jurisdictions, international data transfer contracts and risk assessments, data security considerations and linking to cyber security insurance. Advising and drafting a Data Breach Policy and Data Retention and Deletion Policy (internal and external versions), to support GDPR compliance obligations.
Advising IT platform development and infrastructure provider
Advising on data protection matters, regulatory compliance and drafting suite of data protection documents including general Privacy Policy, Cookies Policy, Data Handling Policy, Employee Data Protection Policy, Data Protection Impact Assessments, Legitimate Interests Assessments, Subject Access Request Process, intra-company Data Sharing Agreements (including international data transfer provisions) and Data Retention Policy.
Web shop terms and data processing
Advising a plumbing fixtures manufacturer on an agreement with an Instagram influencer and their web shop terms, as well as the provision of advice relating to data processing.
International trade and trading across borders; the financial and legal implications
Podcasts
In this episode, we delve into the risks and opportunities confronting businesses involved in global trade or aspiring to expand their international footprint amidst the current economic climate.
12/04/2024
Top tips for investor-readiness – Corporate Commentary episode 10
