Advice on cyber attacks

Cyber attacks & data breach

Respond in a legally compliant manner, reduce risks.

We oversee responses, reporting obligations and claims, covering everything from forensics and communication with the authorities to prevention.

Arrange an initial consultation

Challenges

Common pitfalls of cyber attacks

  1. Respond immediately, prioritise correctly
    Every minute counts. Clarify the facts, organise courses of action, and manage escalations.
  2. Reporting obligations & communication
    Who needs to be informed and when (e.g. authorities, affected parties and partners)? How can communication be conducted in a legally compliant manner?
  3. Liability & damages
    Assess your own and opposing claims, and defend or enforce them strategically.
  4. Forensics & evidence
    Determine the attack path, data leakage and scope in a legally compliant manner without further endangering operations.
  5. Resilience & prevention
    Refine processes, contracts and technology to prevent recurrence and reduce risks.

Relevance

Who we help and why

We structure responses, reporting channels, and claims for CISOs, in-house lawyers, SaaS companies, and medium-sized businesses – discreetly, reliably, and practically.

CISO

We coordinate immediate measures, forensics and reporting channels, ensuring that the documentation remains verifiable.

CISO

We now need a clear response plan that covers forensics, reporting and communication.

In-house lawyers

We examine the legal situation, provide reliable recommendations and oversee communication with the relevant authorities.

In-house lawyers

It is crucial that we assess reporting requirements and liability risks quickly and accurately.

Medium-sized enterprises

We support the decision-making process, negotiate discreetly and offer protection in the event of media exposure or liability issues.

Medium-sized enterprises

Ransomware is crippling our operations. We are uncertain about the demands being made and how this will affect our public relations.

SaaS companies

We draft legally compliant information letters and review contractual and SLA obligations. We also assist with customer coordination.

SaaS companies

Customer data has been affected – we need scalable notifications and stable SLAs.

How we advise you

Clarity instead of risk: systematic security

Our consulting services for cyber attacks & data breaches:

  1. Rapid initial legal response: assessment of the situation, prioritisation and immediate measures
  2. Review of reporting obligations: authorities, affected parties and partners, and deadlines and content (including GDPR)
  3. Forensic investigation: origin, scope and data leakage, and cooperation with technical teams
  4. Liability and damages: assessment, defence/enforcement and settlement strategies
  5. Representation and negotiation: vis-à-vis authorities, claimants and (discreetly) attackers
  6. Public relations and media law: statements, Q&A and reputation protection
  7. Readiness checks and prevention: guidelines, training and technical and organisational measures
  8. Contract review: service providers, partners and insurance companies, and liability, SLA, TOM and cooperation obligations
  9. Incident and communication plans: roles, playbooks, templates and exercises
  10. Cooperation with ISiCO: technical expertise for analysis and hardening of infrastructure

Your result

Clear measures, secure contracts, tangible solutions

You remain in control

We organise measures, roles and schedules, providing verifiable documentation.

You fulfil your reporting obligations reliably

We clarify who you need to inform, when and how, in a manner that is both legally compliant and proportionate.

You limit legal risks

We evaluate claims and oversee defence or enforcement.

You know the cause and extent

We secure evidence, analyse the attack path and identify data leakage.

Your communication stands up to scrutiny

We create legally robust communications for public authorities and the general public.

You are better equipped

We bridge the gaps in processes, technology and contracts, including training and playbooks.

Contributions to cybersecurity

How to act correctly and quickly

Would you like to familiarise yourself with the topic of cybersecurity first? No problem! You will find all the articles and downloads we have created on this topic so far here.

Protection against ransomware

Regular backups, securing network systems and employee training are all key preventive technical and organisational measures that can help avoid attacks. Find out how to optimally protect your business and how to respond in an emergency.

Ransomware: incident response from a legal perspective

A ransomware incident not only affects the IT infrastructure, but also triggers a series of legal obligations. In this article, we will show you which legal requirements are particularly relevant in such a crisis situation and what measures you can take to reduce risks.

Data protection incident: How to comply with reporting requirements and meet deadlines

Is the incident reportable? What is the time frame for reporting? What must the report include, and how does the reporting process work? We answer all these questions and provide step-by-step instructions for reporting data protection incidents.

AI-based cyberattacks: risks, strategies and compliance

Automated vulnerability analyses, deceptively realistic deepfakes and sophisticated social engineering attacks are putting companies under severe pressure, as adequate countermeasures are costly and struggle to keep pace with the rapidly evolving threat landscape.

Are your contracts prepared for cyber attacks?

As well as technical aspects, such as implementing appropriate technical and organisational measures, contracts should include provisions for possible cyber attacks. This applies to contracts with business partners, customers and insurance companies. We can show you what is important.

Defend against cyberattacks by raising awareness

We will show you how targeted awareness measures, legally sound training and a constructive approach to errors can be used together to create an effective defence against digital threats.

Cybersecurity laws in the EU and Germany

We provide an overview of the most important national and European cybersecurity legislation, explaining how the individual laws relate to each other and outlining the key industry-specific features.

DORA regulation: deadlines, scope and requirements

The Digital Operational Resilience Act (DORA) imposes new obligations on affected companies. In this article, we explain exactly who is affected by the regulation, which new obligations apply, and what needs to be considered.

Free initial consultation

Prioritise your IT security in 30 minutes

Arrange your consultation today

We provide a clear overview of the scope of application, the most pressing gaps and the initial measures in a concise and practical manner.

Raphael Jünemann
Lawyer, Senior Associate | Berlin

Intro

Our motto: secure, radical, digital

SRD is the boutique law firm for digital projects, supporting you from kick-off to go-live. We combine technical innovation with compliance. We create radically clear legal scope for this.

Our awards

Our market solutions

Contact us

Your experts in cyber attacks

Raphael Jünemann

Lawyer, Senior Associate Berlin

Dr. Jan Scharfenberg, LL.M. (Stellenbosch)

Lawyer Berlin

Simone Rosenthal

Lawyer, Partner Berlin

Contact

Bye, bye legal Standby

There's no need to wait for the legal team – with us, you'll receive clarity at project speed.
