Media relations
Digital & social media
Stakeholder engagement
Customer communications
Employee communications
Executive media training
Reputation management
Data breach simulation
Digital response centre
We have extensive experience in assisting our clients with a range of incident responses and guiding issues and crisis management to protect reputation.
We developed our data breach specialisation following changes to the Australian Government’s Privacy Act in February 2018 as well as the introduction of the European Union’s GDPR requirements.
We have worked on more than 40 data breaches across several sectors and jurisdictions, including charities, tourism and hospitality, healthcare, insurance, e-commerce, government, property and financial services and healthcare, including some extremely challenging and high-profile matters.
We are the preferred partner for Australia’s leading legal and forensic IT teams, and insurers, specialising in cyber incidents of all types and sizes.
We conduct audits of crisis management and data breach response plans, and simulation exercises for boards and executive teams.
Chief Executive Officer
Chief Operating Officer
Special Counsel
Client Partner
Consultant
Senior Consultant
Chief Executive Officer
Chief Operating Officer
Special Counsel
Client Partner
Consultant
Senior Consultant
A national financial services provider was the subject of a malicious attack which resulted in sensitive data regarding its employees and customers being downloaded and stolen. Compounding the problem was legal trigger clauses that demanded immediate notification, even of loss of mundane data. We crafted the right messages to notify quickly. The transparency and sensitivity with which the incident was handled resulted in minimal client concern and only a short burst of employee outcry.
We have led several data breach simulations to see how organisations prepare against an escalating scenario. Each scenario is based on real-life experiences which test the organisation’s operational and communications capability during a data breach – while adhering to their values and purpose. We provided real-time feedback and a debrief session to advise each organisation to implement critical changes to communications assets, and ensure they are ready to protect their reputation during a real incident
A large health insurance provider lost data that referred to more than 100 kinds of health insurance claims and some customers lost financial records. We created a suite of specific communications content, from hundreds of letters to affected individuals to talking points for phone conversations with those who had lost extremely sensitive material. Despite the high-profile nature of the organisation and the salacious nature of the breach, our methodical and transparent approach resulted in zero media coverage of the incident, and almost no customer backlash.
One of Australia’s most reputable charities was the target of a cyber attack, less than one month before the most important donation drive for the year. We worked alongside cyber response partners to prepare a formal notification to impacted individuals, and develop a comprehensive media strategy endorsed by the board and leadership. Knowing the incident would receive media coverage, the cornerstone of our strategy was proactively informing a trusted group of journalists who understood cyber incidents, to ensure factual accuracy in the way the incident was reported by media.
You must prioritise direct, transparent communications to your customers, consumers, staff and stakeholders; adhering to the parameters and guidelines of local regulations. Media is a second priority. If you do the right thing by the first group, you will be regarded more favourably by media.
While a data breach may appear to be a low-level, the daily news cycle can be unpredictable, and it is important to be well prepared to avoid being caught in a story you didn’t see coming.
The consumer and stakeholder expectation on speed and transparency of response is not fixed. This expectation – the “pub test” changes with news and political cycles.
Strong and comprehensive cyber incident preparation should be a Board-level issue. Organisations must be well-prepared for a cyber incident, with the sophistication of today’s threat actor and the complexity of our economies.
We build realistic scenarios that are bespoke to our clients’ business. This is often coupled with media training for key executives, given the need for executives or directors to front the media in many high-profile incidents.
Our approach to notifiable data breaches (or suspected notifiable breaches) is a tried and trusted approach that allows us to effectively help clients prepare and navigate every stage of a data breach, even after the incident has been managed.