About

Managing organizational cybersecurity risk and navigating compliance and risk mitigation are increasingly complex tasks, as standards and legal requirements continue to evolve across jurisdictions and sectors. Cybersecurity breaches and legal non-compliance can disrupt business-as-usual activities and lead to technical investigations, regulatory fines, theft of corporate information and loss of intellectual property, as well as litigation and criminal liability.

White & Case's global cybersecurity team provides bespoke advice on compliance requirements, risk management strategies and incident response across jurisdictions. We prioritize pragmatic solutions that create minimal business interruption.

Our services include:

Compliance with laws including the UK NIS Regulations, Product Security and Telecommunications Infrastructure Act 2022, Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, EU NIS 2 Directive, EU Digital Operational Resilience Act (DORA), EU Critical Entities Resilience Directive, EU General Data Protection Regulation (GDPR), the UK GDPR, the New York Department of Financial Services Cybersecurity Regulation, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm Leach Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), and other federal and state cybersecurity laws in the US and similar regulations around the world
Cyber incident investigation and reporting
Regulatory engagement and litigation
Cybersecurity-related litigation and disputes
Guidance on cybersecurity privacy policies and procedures
Cybersecurity legal gap analysis and risk assessments
Cybersecurity legal mitigations and compliance strategy advice
Strategic advice on addressing cybercrime and espionage
Cybersecurity training and awareness