My local government has had a cyber incident, what happens when I call the Cyber Incident Response Manager?

Risk Matters - Spring 2024

Reece Corbett-Wilkins

Partner, Clyde & Co
Reece advises boards and other senior members in the executive, legal, IT, risk management and public relations functions to navigate Australia’s complex cyber landscape. Reece and the wider team have helped thousands of entities respond to incidents, including some of Australia’s most prominent and industry-wide cyber events in recent times, and several supply-chain attacks and multi-party data breaches. Following cyber incidents, Reece acts in third party IT liability claims, consumer claims, regulatory investigations, and recovery actions. It is this end-to-end experience which informs Reece’s approach to managing a cyber crisis.

Samantha Beattie

Senior Associate, Clyde & Co
Samantha specialises in cyber incident response management and privacy law with a particular focus on enhancing cyber readiness. She plays a crucial role in assisting entities to navigate their strategic response to cyber incidents and advising on complex legal and regulatory privacy and data issues. Samantha also has experience in commercial litigation, including advising directors in respect of breach of directors’ duties claims.

It’s a question very few people want to ask, but given that the current cyber risk landscape shows no signs of slowing, it’s likely an inevitable question for organisations, including local governments.

The good news is that all LGIS members, through their Scheme protection, have access to a Cyber Incident Manager, often referred to as a ‘Breach Coach’. This service is run by Clyde & Co – Australia’s largest incident response team who have dealt with 2,000+ incidents (and >100 for local governments). It’s backed by a vendor team of 80 pre-qualified vendors who assist with the response lifecycle across various domains. Think of LGIS cyber protection as a retainer service. A promise to respond, not just a promise to pay.

Think of a Breach Coach like roadside assistance for a cyber incident – they come to assist in your time of need with the sole aim of getting your organisation back up and running and to enhance your incident response capabilities.

Given a cyber incident is a whole of business and not just an IT issue, your Breach Coach will work with you to manage and advise on the various workstreams that arise during an incident – supporting the crisis management team with the response.

So, what happens when you call a Breach Coach? Within a couple of minutes, we jump on a call to triage the incident with you. From there, we identify what workstreams need to be activated and help you organise your response by reference to each of these workstreams.

We lift the lid on each of the workstreams and the assistance your Breach Coach can provide further below.

Incident response strategy

The first step in managing a cyber incident is to develop your incident response strategy. The Breach Coach works with you to manage your strategic response to the incident, ensuring that you can return to business as usual (BAU) as soon as possible. This involves identifying the scope of the incident, assessing the impact, and prioritising actions to mitigate damage and restore operations.

Crisis communications

Effective communication is critical during a cyber incident, and we often say to clients that communications are the battleground of effective incident response. Your organisation’s response to an incident will be judged by the quality of your communications. Clear, consistent, and accurate communication helps maintain trust with stakeholders and the public.

Your Breach Coach will work with your team to draft or review communications at each stage of the incident response lifecycle. This ensures that all communications align with best practice, build upon the lessons learnt in previous incidents, and don’t create alarm or concern.

Communicating effectively through the response in a confident and purposeful manner is key.

Threat actor management

In some cases, dealing with threat actors is unavoidable (and yes ‘threat actor’ is an accepted term in the industry). This workstream aims to manage the threat actor’s demands and minimise the impact on your local government.

Your Breach Coach will engage a specialist threat actor negotiation / intelligence provider to assist you to determine whether to engage with a threat actor. If you decide to engage, the vendor will conduct negotiations on your behalf and, if required, facilitate a ransom / extortion payment where it is legal and necessary to do so.

Containment and forensic investigation

While your Breach Coach is a law firm, they aren’t your typical law firm and have non-lawyers and cross-trained crisis managers within the team. Outside of their own team’s capabilities, they will engage containment and forensic vendors on your behalf to preserve applicable legal professional privilege.

From there, the relevant vendor/s will work with your in-house IT team to ensure the incident is contained, assist you to activate key backups, and conduct a forensic investigation into the incident. Your Breach Coach will work with you and the relevant forensic vendor to ensure that the investigation focuses on obtaining the information necessary to inform your legal obligations arising from the cyber incident.

Legal and regulatory compliance

Throughout the incident, the Breach Coach wears two hats – that of a Breach Coach and legal counsel.

Wearing the legal counsel hat, they provide legal advice regarding your obligations to notify regulators, law enforcement, and impacted individuals. This includes advice regarding the impact of the incident from a privacy law perspective, and they can work with partner offices and broader networks to provide advice on obligations arising from incidents in overseas jurisdictions (if this is ever required).

Additionally, they assist in managing responses to regulators and provide strategic advice on regulatory / government engagement and management. If necessary, they can also help your local government seek injunctive relief in the courts to prevent access to any data disclosed on the dark web, including access by stakeholders and the media.

Scheme protection and co-ordination

In an incident, the Breach Coach is engaged by you directly and acts for you. Once retained, they will engage Chubb-approved vendors on your behalf to ensure applicable legal professional privilege attaches to the engagement.

Subject to the terms of your policy, you will be liable to pay the response costs up to the limit of the deductible, and then from that point on you may seek to recover costs that fall within your policy from the Scheme. Accordingly, effective coordination with the Scheme ensures that you receive the support you need to manage the financial impact of the incident and ensure an effective response. Your Breach Coach will assist you by providing regular updates and guidance to the Scheme and its indemnity provider Chubb, to help them come to a determination regarding coverage quickly – to give you the confidence to respond with your best foot forward, and with costs certainty in mind.

Remediation and post-incident review

The final phase of managing a cyber incident involves remediation and post-incident review. The Breach Coach assists you throughout the tail end of the incident by helping you manage support pathways for affected individuals and business interruption loss claims, and defend or pursue any legal or regulatory action flowing from the incident.

Help is at hand

While a cyber incident is a challenging and stressful event, having a Cyber Incident Response Manager can make a significant difference. They provide expert guidance and support across multiple workstreams, ensuring that your local government can navigate the incident effectively and return to BAU as quickly as possible. However, prevention is always better than a cure, and by being prepared and knowing what to expect, local governments can better manage the risks and impacts of cyber incidents. To assist members to prepare for cyber incidents, LGIS has published practical and comprehensive guides outlining how to manage a cyber incident. To access these guides please make sure you’re logged into the LGIS website and visit Risk management > Cyber risks > Cyber risk resources.

We encourage you to line up a free one-hour call with the team, to understand more about the services, how they fit in with your existing incident response plans, and answer any questions that you have. Please email [email protected] and the team at Clyde & Co will set up a session with you and your crisis management team.
