Edward Lewis

Edward has a deserved reputation as a “marquee name” in cyber and is the preferred choice advisor to many corporations, public bodies, the emergency services and insurers when it comes to matters of strategic, reputational, or political importance involving IT infrastructure, data, technology, media & privacy. He is also one of only a handful of lawyers whose cyber expertise extends to an intimate knowledge of insurance law and the interpretation of cover for cyber-related losses.

Under his leadership, the CyXcel team at Weightmans has evolved to become one of the most specialised and experienced cyber risk advisory, crisis and litigation practices in the UK, assisting organisations at all stages and with all aspects of digital transformation.

The CyXcel team’s proven track record includes the legal architecture design for some of the largest and most complex data processing and commercialisation projects ever undertaken in the UK. When it comes to cyber incidents, the team has also successfully led the response to some of the most challenging security and data breaches across a range of sectors worldwide — from privacy violations resulting from phone tapping and covert surveillance, to D-DOS and ransomware attacks by organised crime syndicates and drug cartels, statecraft and espionage, as well as destructive network intrusions by hostile actors.

Edward writes regularly for mainstream media, is at the forefront of thought-leadership on incident response strategy and directly involved in UK-led efforts to regulate cyber security, solve the challenges posed by systemic risk, and create a cyber cat loss market within insurance. The team recently received national acclaim for their efforts in tackling ransomware gangs after making new law in XXX v Persons Unknown.

Legal 500 describes Edward as “Brilliant, an excellent negotiator; bright, commercial, serious and tough”.

Relevant experience

• Ransomware attack on provider of specialist engineering and security for nationally significant infrastructure, essential services, and UK defence projects.
• High-profile threat actor network intrusion, including regulatory investigation and liaison with Israeli intelligence.
• Exposure mitigation and recoveries for a well-known business in the care sector whose “SaaS” data was compromised in the widely reported “Typeform” breach.
• Communications hijacking and push payment fraud involving marine cargo companies in the UK and Latvia.
• Espionage and network intrusion of a global humanitarian organisation by a state-actor.
• Ransomware attack on a US Biosciences group, resulting in the encryption of its global IT estate and the exfiltration of personal data affecting individuals in the US, UK, EU/EEA, Russia, Switzerland, and the Congo.
• Privacy and human rights violations by global retailer involved in covert CCTV surveillance exposed by the mainstream media.
• Governance and processing errors concerning sensitive personal data, including grievance and disciplinary records, leading to a hostile recipient making onward unauthorised disclosures to other victims and the red-top media.
• Breach of Office365 environment when a UK University fell victim to a Business Email Compromise attack, affecting both staff and students.
• Spear-fishing attack on the CEO of a US Private Equity company.
• Sensitive data breach for a global airline logistics provider.
• Rescue of a well-known global fashion retailer following paralysis of its trading in Australia, Canada, Hong Kong, India, New Zealand and Singapore owing to systems encryption by ransomware.
• EU-wide service disruption impacting one of the “Big 4” following malfunction of a network array.
• Consulting to insurers and government on cyber war, systemic risk, propagation and cascade failure.