Mishcon de Reya has been accredited by the UK National Cyber Security Centre under their Cyber Incident Exercising Scheme, the first and only law firm to be accredited in this way.
Cyber incident exercises are vital for building organisational resilience. By simulating realistic attacks, they help teams test and improve their response procedures, identify gaps, and ensure everyone is prepared for a real incident. Regular exercises reduce risk, speed up response times, and demonstrate strong governance.
The accreditation covers Mishcon de Reya’s Cyber Risk and Complex Investigations practice, as well as its leading Reputation Protection and Crisis Management and Data Protection teams. It reflects the firm’s ongoing commitment to providing clients with the highest standards of advice and support in managing and preparing for cyber threats, data breaches, and complex cyber-related investigations.
The NCSC Assured Service Provider scheme is designed to assure organisations that they are working with expert partners who adhere to rigorous standards set by the UK’s national authority on cyber security. By achieving this status, Mishcon de Reya demonstrates its capability to deliver robust, scenario-based cyber incident exercising – enabling clients to test and improve their preparedness for real-world cyber incidents, as well as supporting board-level resilience and crisis management.
Commenting on the accreditation, Joe Hancock, Partner and Head of Cyber Risk and Complex Investigations at Mishcon de Reya, said:
“We are delighted to be the first law firm recognised by the NCSC as an Assured Service Provider for Cyber Incident Exercising. I believe that the exercising and testing your approach to incidents ahead of the real thing is crucial to build resilience. Our multi-disciplinary approach ensures that clients benefit from comprehensive legal, technical, and reputational expertise in one place.”
Emma Woollcott, Head of the Reputation Protection and Crisis Management team, said:
"In crisis situations, the ability of leaders to make confident and sensible decisions under pressure, is significantly improved by knowing that they are well-prepared, well-supported, and well-informed. We are in the unique and privileged position of being seasoned crisis specialists within a full-service law firm, with the ability to quickly convene dynamic and diverse teams, who work together collaboratively, without bureaucracy or ego. This pays dividends when pre-empting and mitigating, or when working at pace to mitigate the impact and fall-out of Cyber and other incidents."
James Boyle, Partner and Head of the Data team, said:
"Being able to stress test clients' breach readiness, drawing on real-life communications from threat actors and mirroring the quickly changing environment in the first few hours and days following an incident has proven incredibly useful, time and time again for our clients. Working through issues such as "who was missing in the room?", "would you pay the ransom?" and "what do you say to your customers, and when?" all within a safe space helps develop a group of incident responders well placed to navigate to a real incident."
Clients across a broad range of sectors already trust Mishcon de Reya to advise on some of the UK’s most high-profile and complex cyber incidents. The NCSC’s assurance provides further confidence that the firm’s services meet the highest national standards of excellence and effectiveness.
This latest accreditation follows on from previous NCSC Assured Service Provider accreditations in Incident Response and Risk Management, for which Mishcon de Reya was also the first law firm to be recognised.
For further information on Mishcon de Reya’s cyber services, or to discuss how the firm can support your organisation’s cyber resilience, please contact Joe Hancock.