Allen & Overy (A&O) has hired a team of cybersecurity experts in London from Norton Rose Fulbright (NRF) amid a global rise in cyber attacks.  

Ffion Flockhart has been appointed global head of cybersecurity at A&O, which she is joining after 20 years at NRF, where she co-led its global data protection, privacy and cybersecurity practice. She is moving across with partner Charlie Weston-Simons. 

A&O said the new arrivals would work with clients to handle cyber incidents and manage data risk, from prevention to response. 

“We are laser focused on supporting our clients to negotiate the evolving risk landscape,” said A&O’s global litigation co-heads, Karen Seward and David Esseks. “This team’s expertise in cybersecurity will allow our clients to navigate a multitude of legal risks at a time of acute crisis in order to achieve the best possible outcome.”

At NRF, Flockhart advised on various aspects of cyber risk management and coordinated its global crisis response team. She handled incidents primarily for large listed companies in sectors including finance, transport, infrastructure, energy, technology and retail according to her biography on the firm’s website. 

Her day-to-day work at the firm involved overseeing forensic investigations, liaising with government authorities and regulators and advising on the interaction with commercial counterparties, as well as helping defend mass claims.

Meantime, Weston-Simons is a litigation and dispute resolution lawyer with a particular focus on insurance issues, professional negligence and cyber litigation. He has moved over after 10 years at NRF, where he made partner in 2020, and earlier practised at Herbet Smith Freehills. 

A&O has itself been the victim of a cyberattack recently that was reportedly carried out by the Lockbit cybercrime gang, which a number of countries including the US and UK have named as the world’s top ransomeware threat. 

A spokesperson for A&O confirmed last week that the firm had experienced a “data incident impacting a small number of storage servers” and had suffered “some disruption”, but continued to operate normally. 

According to Reuters, Lockbit gave A&O a deadline of 28 November to “negotiate” – that is, pay a ransom.  

Last year, the UK’s Solicitors Regulation Authority warned that the rise of remote work during the pandemic and law firms’ growing reliance on IT had created more opportunities for cybercriminals.

And earlier this year French and British authorities also said that mercenary hackers are increasingly being used to target law firms to steal data that could change the outcome of legal cases.

Flockhart and Weston-Simons are the latest partners to join A&O ahead of its merger with Shearman & Sterling, which is set to complete by next May after being almost unanimously agreed by the partnerships of both firms in October. The merged firm, to be known as A&O Shearman, will have revenues of around $3.5bn and almost 4,000 lawyers globally. 

In September it hired disputes partner Daniel Garton from White & Case in London and in August it hired Kfir Abutbul from Paul Hastings to lead its US energy private equity business.

A Norton Rose Fulbright spokesperson, meanwhile, said the firm had "one of the largest and most highly regarded global cybersecurity and privacy teams" with more than 90 lawyers, led by Chris Cwalina, who is based in Washington DC.  

"We have the technical understanding, the experience and the resources to help our clients assess and improve their cybersecurity and data privacy programs and to guide them through a cyber incident from start to finish – with the mission of defending their interests and leaving organizations in a better place than where they started," the spokesperson added.