Cyber Security | Fieldfisher

In focus: How to deal with security incidents and loss of data

Fieldfisher has helped clients manage hundreds of security incidents. We are one of the leading European law firms with specialised expertise in handling complex security incidents.

In our experience, companies increasingly face the following challenges:

  • Direct attacks on systems, e.g. Stuxnet, which targeted industrial control systems widely used in manufacturing and critical infrastructure.
  • Complex supply chain attacks, e.g. SolarWinds, in which customers of the compromised vendor have to check whether they were also affected and, as a precaution, isolate systems from the network or initiate remediation procedures.
  • Newly discovered vulnerabilities, such as Log4Shell, a zero-day in the widely used Apache Log4j logging library, which confront companies with rapidly changing risks and require prompt patching across all affected systems.
  • ‘Ransomware as a Service’, e.g. REvil, where criminal groups specialise in developing ransomware, lease it to affiliates who carry out the attacks, and receive a share of the extorted funds.

The European Union Agency for Cybersecurity (ENISA) predicts that attacks on the European supply chain will quadruple in the coming years, with attacks on cloud infrastructures increasing as much as fivefold.

In focus: NIS2 compliance

With the NIS2 Directive, the EU legislator has provided a new framework in the area of Cyber Security. In Germany alone, the law is expected to bring around 30,000 companies within scope that were not subject to the IT security requirements of the previous directive. Because the directive must be transposed into the national law of each EU member state, the result is a rather complicated picture of differing national regulations. Since the directive only sets a minimum standard, national rules may differ from one another and may go beyond the requirements of the directive itself. To ensure compliance with European Cyber Security standards, a precise analysis of the parties concerned is therefore required to determine which member states' legal requirements apply in the individual case and which national particularities must be taken into account.

Companies within scope may face severe penalties if their technical and organisational measures do not meet the legal requirements. The same applies to compliance with the stricter reporting obligations for significant security incidents (including an early warning to the competent authority within 24 hours of becoming aware of the incident) and to passing technical security requirements along the supply chain.

Why choose our Cyber Security lawyers?

Fieldfisher takes a holistic, multi-disciplinary approach. With data protection and information security as our core practices, we have an impressive track record of helping our clients comply with legal and regulatory requirements and prepare for and respond to security incidents. 

We draft the necessary corporate policies and stand by our clients when ransomware strikes. We regularly advise on the legal risks involved and on whether incidents need to be reported to the regulatory authorities. In our experience, Cyber Security is not just about complying with guidelines and reporting breaches to regulators when required by law. Our clients need practical advice on when reporting is necessary, what other businesses are doing, what the market practice is, what regulators expect and how all of this affects their risk profile.

Our Services:

  • Comprehensive advice on all matters of Data Protection and IT Law
  • Impact assessment of new legal requirements in the area of Cyber Security (esp. NIS2)
  • Development and expansion of your compliance and governance structures
  • Support of compliance and HR departments in internal audits
  • Review of insurance contracts to ensure that the most important risks are covered in the event of a data breach
  • Appointment as external data protection officer or support of the internal data protection team
  • Strategically clear advice on how to proceed in the event of data security incidents
  • Managing disputes arising from cyber security incidents and data loss
  • Providing support in due diligence for transactions, especially in data-driven business models
  • Advice on sector-specific data protection requirements, for example in regulated industries such as financial services, life sciences and telecommunications
  • Supporting audits of service providers and customers
  • Support and representation in proceedings with supervisory authorities