Ambre Cross is a Partner with Mullen Coughlin UK (MC UK) and a key member of the Firm’s regional Incident Response practice, where she acts as Breach Counsel for a wide variety of organizations in relation to both domestic and international data privacy and security incidents.
Ambre is highly experienced in dealing with all aspects of data privacy and security incident response. She is routinely called upon to advise her clients on the diverse and complex notification and regulatory obligations stemming from data privacy and security incidents in both the United Kingdom (UK) and the European Union (EU), pursuant to relevant data privacy, protection, and security legislation. Further, Ambre has an in-depth understanding of the UK regulatory process and has particular experience dealing with a variety of UK-based government and industry related regulatory bodies, including the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA), the Solicitors’ Regulation Authority (SRA), and the Charity Commission.
As Breach Counsel, Ambre manages the full lifecycle of multi-jurisdictional incident response. She skillfully works alongside her clients to guide them through the incident response process whilst seamlessly engaging with all relevant stakeholders, as necessary, including third-party vendors, cyber insurance carriers and brokers, law enforcement, and regulatory bodies. In doing so, she provides clear, practical and strategic advice to her clients on all legal issues arising from a security incident, including the legality of ransomware payments. Ambre has a keen eye for detail and is committed to achieving the very best outcome for her clients from a legal, financial, and reputational perspective.
In addition to her incident response practice, Ambre is a seasoned litigator. With over a decade of litigation experience focused primarily on contentious matters, she is well-versed and highly-skilled in all aspects of litigation. She routinely deploys her well-tuned technical and tactical skills to defend organizations from all industry sectors against third-party data privacy and security-related claims.
Ambre is well-known in the cyber industry and has strong relationships with numerous cyber insurers and brokers, as well as cyber-adjacent industry partners. She is often invited to speak at national conferences and events on key topics, including cyber risk, cyber resilience, and cyber readiness.
Prior to joining Mullen Coughlin, Ambre was a Senior Associate for a global law firm based in Manchester, England where she managed and advised a wide variety of corporate and insurer clients in relation to both domestic and international data privacy and security incidents.
Before becoming a cyber specialist, Ambre specialized in civil and commercial litigation. She has previously gained recognition by Legal 500 for her performance in a highly-specialized area of law; in particular, it was noted that “…her knowledge and expertise inspire confidence in clients”.
REPRESENTATIVE MATTERS
- Advised a financial institution following a ransomware incident related to the legality of ransomware payment and reporting requirements to the ICO and FCA
- Advised an international technology company following a ransomware incident, including subsequent regulatory engagement in the UK, EU, and various “rest of word” jurisdictions
- Advised various organizations in relation to regulatory notifications, including their strategy related to responding to subsequent follow-up inquiries and investigations
- Advised various organizations on their reporting requirements to the ICO and any other industry-specific regulators following business email compromise (BEC) incidents
- Represented a large UK-based hospitality organization in third-party litigation arising from a data privacy and security incident
- Advised multiple companies from various industry sectors related to the applicability of the UK/EU General Data Protection Regulation following a data privacy and security incident outside the UK/EU and their subsequent exposure