Skip to main content

Cyber Security

Cyber security has arrived as an important topic at board levels. Every other day, a major data breach is reported in the press and regulators are imposing ever-increasing penalties on companies that fail to take appropriate measures to protect their data.

Cyber security today

Not only are major data breaches now increasingly leading to regulatory investigations and fines, but cyber security has become a geopolitical issue affecting international trade in technology products. 

Yet companies today encounter these issues in many forms: 

  • Direct attacks on systems, e.g. Stuxnet with attacks on controls often used in industry
  • Complex supply chain attacks, e.g. in the case of SolarWinds, where connected customers need to check whether they have also been breached and, as a precautionary measure, take systems offline or initiate decontamination procedures
  • Newly discovered system vulnerabilities, e.g. the Log4Shell zero-day vulnerability in the widely used Apache Log4j framework, which continue to pose dynamic challenges to companies
  • "Ransomware as a service", e.g. as in the case of REvil where Black Hat hacker groups have specialised in developing ransomware and receive a share of the extorted funds


This focus on cyber security has meant that it is regularly one of the most important issues to be addressed at board level. For example, the European Union Agency for Cyber Security (ENISA) predicts that attacks on the European supply chain will quadruple in the coming years, and attacks on cloud infrastructures are expected to increase by as much as five times. The range of necessary activities for our clients to ensure that they comply with legal requirements and minimise risks is therefore increasing.

Increasingly, companies therefore need a range of complementary services that we can offer from a single source:

  • Comprehensive advice on all issues of data protection and IT law
  • Establishing and expanding your compliance and governance structures
  • Supporting compliance and human resources departments in internal investigations 
  • Checking your insurance policies to see if the most important consequences are covered after a data breach
  • Appointment as external data protection officer or support of the internal data protection team
  • Strategically clear advice on how to proceed in the event of data security incidents
  • Managing disputes arising from cyber security incidents and data breaches
  • Support in due diligence for transactions, especially in data-driven business models
  • Advice on sector-specific data protection requirements, for example in regulated industries such as financial services, life sciences and telecommunications
  • Accompanying audits at service providers or by customers
  • Support and representation in proceedings with supervisory authorities