Cyber-attacks have become commonplace and sophisticated, posing a huge risk to the economy, democracy and society, which is why investors and other stakeholders who are increasingly concerned about ESG risks have doubled down on their efforts to fight them.

Tightening up cybersecurity compliance obligations that require organizations to take a range of measures to ensure that they are better equipped to deal with these risks has been the prevailing trend. Top management is called upon to pay attention to and be involved in the issue, especially since they could be seriously compromised in the event of a cyberattack. On top of that, the breach of legal obligations carries heavy fines (usually, a percentage of the organization’s/business group’s global turnover), and the adverse (reputational, operational, financial, compensatory, among others) impacts of a cybersecurity incident require the implementation of effective risk prevention and management mechanisms.

We provide our clients with a program that allows them to assess their legal cyber-security state of maturity and resilience and to create the necessary conditions for preventative and other measures to reduce the adverse impacts of possible cyber incidents can be planned and taken in a timely manner. Our multidisciplinary team, which has second to none experience accumulated over years of intense involvement with these matters, also assists our clients in crisis situations triggered by security incidents.



  • Drafting of different relevant Cybersecurity policies (both internal and external, i.e., involving interaction with third parties)
  • Advice in connection with the definition and implementation of cybersecurity governance structures, including for business groups
  • Monitoring of cyber-resilience programs
  • Assistance in the definition of third-party engagement and management risk assessment processes
  • Assessment of technical/technological solutions and services, notably to comply with the applicable legal framework.
  • Assistance in taking out cyber-risk insurance policies
  • Legal advice during the process of certification, referencing and regular updates of standards and best market practices
  • Drafting of agreements and specific clauses with a direct or indirect impact on cybersecurity
  • Implementation of cybersecurity training and on the job training programs

Response to Incidents

  • Assistance in case of an incident, including collation and analysis of information on the incident, risk assessment and preparation of the mitigation and response strategy
  • Legal advice in connection with notifying the incident to proper authorities and interested parties
  • Support in connection with investigations and/or inspections by legal authorities
  • Assistance in the preparation and implementation of a risk mitigation plan
  • Assessment and definition of dispute resolution strategies and assistance in civil and criminal lawsuits
Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.