Cyber-attack: it is not a question of 'if' but 'when'. No business is immune

Cyber security

In Australia in 2022, a cyber crime was reported every 7 minutes. The Australian Cyber Security Centre disclosed a 15% increase in ransomware-related activity since the previous year. Alongside the increasing frequency and threat of cyber attacks, organisations across all sectors face regulatory and community scrutiny and new obligations.

In an evolving, challenging environment, no business is immune. Organisations across every sector must implement a comprehensive cyber security strategy – including robust strategies around their systems, processes and people to proactively manage cyber risk and respond when an attack occurs.


Helping you identify, protect from and respond to cyber risks

By uniting our legal and technology consulting expertise, MinterEllison offers a unique approach that integrates the legal and non-legal aspects of cyber risk, privacy, data protection, and regulatory compliance. We work with our clients to devise an optimal solution for their business. Our process supports organisations through each stage of cyber risk management:

Icon block

We review your systems and processes to develop an organisational understanding and manage cyber security risks to systems, assets, data, and capabilities.

Icon block

We continuously assess the threat landscape and cyber security events' occurrence. We collaborate with external and internal parties to improve our client's cyber security maturity.

Icon block

We take proactive measures to secure systems, processes and people.

Icon block

We assist organisations to develop a framework to respond to cyber attacks, with recovery measures that can be quickly actioned. We work closely with our in-house experts regarding digital forensics, technology, insurance, ESG, and privacy to deliver our clients an end-to-end solution for the entire lifecycle of a cyber incident.

End-to-end risk management support

This includes conducting strategic risk assessments and reviewing existing risk management frameworks. We can assess your current versus target state cyber requirements and build a pragmatic strategic plan to achieve the required cyber maturity level.

Our services include:

  • Cyber security maturity reviews based on industry and government standards and guidelines
  • Technology and cyber security due diligence for M&A, including integration and merger advisory
  • Disaster recovery and business continuity planning, including business impact analysis
  • Management of legal and regulatory requirements, threat modelling, identification and management of key risk indicators, and board-level alignment
  • Third-party risk management, including vendor replacement analysis and insurance stress testing
  • Program management, including PMO deployment and operation, project management, and program enhancement to deliver cyber security and technology projects within schedule, budget, and scope
  • Security awareness training, including assistance with running cyber desktop exercises for management and boards
  • Remediation roadmaps to mitigate identified vulnerabilities and improve cyber security maturity and resilience
  • Cyber security strategies, policies and procedures, including incident response plans
  • Legal advisory, including ensuring compliance with all applicable laws and mitigating legal exposure
  • Cyber incident response, including recovery coordination, digital forensics, communications, and board advisory, and the coordination of third parties such as insurers, managed service providers, and regulators
  • Post-incident review, including identifying lessons learned and improving your organisation’s security posture.

Perspectives on Cyber Risk 2023

Partners Paul Kallenbach and Shannon Sedgwick discuss the key findings of the Perspectives on Cyber Risk 2023 report, that explores organisations' views on cyber risk and what they can do in the face of an attack.

Proactive cyber defences. What to do when faced with a cyber threat and breach

2022 has brought cyber threats into the mainstream with the recent "hacking wave" seeing 17 million records (and counting) stolen. Together with the Australian Information Commissioner we explore the policy and regulatory priorities, the initiatives and challenges.


Recorded: 1 March 2023


Perspectives on Cyber Risk 2023

When a cyber attack occurs, organisations have seconds to protect years of data. How are organisations managing their cyber risk?


Case studies

Short image

Victorian Government department

We assisted this client with both the privacy impact assessment and cyber security risk assessment, regarding the use of CCTV cameras. Our consulting and legal teams worked together to identify and classify the data, assess the IT architecture, data flows and review identity and access management specific to the CCTV federation.

Short image

Health insurer

An insurance provider required immediate assistance with their cyber incident response strategy. We provided legal and consulting advice on regulator and data owner disclosure legal obligations, operational aspects of cyber incident response, and assistance coordinating their forensic investigation.

Short image

Insurers and underwriters

Provided both front end and back-end advice for insurers and underwriters, particularly in relation to drafting of extensions, exclusions, and policy conditions suitable for specialist cyber risk insurance policies.

Lead contacts

Our consulting services are provided (directly and indirectly) by MinterEllison Consulting (ABN 50 017 469 292) and MinterEllison Consulting Pty Ltd (ABN 50 077 613 828), both of which are part of the MinterEllison Group. Our consulting services do not constitute legal services nor legal advice and are not provided by Australian legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.