Privacy Policy Terms of Use
HomePractice AreasTechnology, Media and Telecommunications (TMT)Cybersecurity

Cybersecurity

Practice Areas

Introduction Services Experience

Cybersecurity incidents and data breaches pose an existential threat to businesses of all sizes. 

Our Cybersecurity team comprises experienced lawyers and an extensive professional network. We can provide retained engagements to ensure we are conflict cleared and ready to respond on demand. Our approach is to engage other key incident response and forensic service providers to ensure their services are engaged for the purpose of privileged legal advice to our clients. We help clients meet regulatory requirements across multiple jurisdictions, and to engage with and respond to privacy and regulatory authorities in subsequent enquiries. We guide our clients through the maze of legal issues that arise in cyber attacks – ransom assessment, sanctions advice, management of contractual risk, co-ordination with enforcement authorities, legal considerations in reputation management, fiduciary duties of directors and officers, and review and assessment of technical reports for legal advice and risk management. We help our clients with restoration and remediation work.

Cyber risk is about people and processes. We support our clients with their risk management efforts in this area. We advise clients on policies, plans and processes to help improve their security posture, and manage and mitigate risk in the cyber threat environment. We pay particular attention to helping clients with their incident response plan, and the processes underpinning that crucial document. We also guide clients on cybersecurity laws and regulations in Hong Kong, and in various jurisdictions throughout the Asia Pacific region and worldwide. Cyber risk is not just a technology issue, though we deeply understand technology.

Prevention of cyber incidents requires training and awareness programmes. We have led clients with tabletop exercises, data breach simulations and more specific direct legal training. We have briefed Board and C-Level executives on their roles, functions and duties in a cyber incident. We have partnered with third party organisations to deliver training programmes that integrate business, legal, technical, incident response and communication elements. We are the exclusive legal partner with Singtel for its Hong Kong Elevate programme, targeted to medium-sized business in Hong Kong.

Key Contacts

group-icon

Pádraig Walsh

Partner

We advise on:

  • all legal aspects of security incident and data breach response 
  • advice to board directors and C-suite executives and review in guidance of crisis communications
  • enforcement actions, regulatory inquiries, investigations or litigation following a cybersecurity incident or data breach
  • selection, engagement and supervision of technical experts and other key service providers in incident response
  • issue identification, applicable law assessment, risk and harm assessment, notification assessment, and reporting requirement review
  • information and data collection, chain of evidence protection and preservation of legal professional privilege
  • training, preparation and exercise programmes in respect of incident and breach response
  • policy and plan drafting and reviews in respect of incident and breach response
  • cybersecurity and related laws and regulations in various jurisdictions, and in particular their potential and actual impact on business operations
  • Advising a multinational chemical company in respect of a data breach by a data processor.
  • Advising an international professional services firm in respect of a data breach committed by an employee when working onsite in another client’s office.
  • Advising on data breach notification preparation and engagement with privacy regulator in respect of a data breach affecting current and former employees in Hong Kong.
  • Advising and training employees and management of a multinational manufacturer on data breach response.
  • Training employees of a multinational automobile manufacturer in respect of data protection in automotive industry.

Insights

Enforcement action follows PCPD finding of ineffective data privacy training

Pádraig Walsh . 29 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 6)

Pádraig Walsh . 21 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 5)

Pádraig Walsh . 16 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 4)

Pádraig Walsh . 14 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 3)

Pádraig Walsh . 9 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 2)

Pádraig Walsh . 2 April 2026

Insights

What you need to know about the Protection of Critical Infrastructures (Computer Systems) Ordinance, the cybersecurity legislation in Hong Kong (Part 1)

Pádraig Walsh . 31 March 2026

Insights

“There’s always someone watching!” (Ocean’s 11). Updated Privacy Commissioner guidance on CCTV, drone, and in-vehicle camera use

Russell Bennett . 10 December 2025

Insights

Legal Update: Banking (Amendment) Ordinance 2025 

Pádraig Walsh . 12 November 2025

Related Practices

Technology, Media and Telecommunications (TMT)

Tech Transactions

Digital Asset and Cryptocurrency

Data Privacy

Gaming, Media, and Entertainment

Fintech

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.