Cameron Carr

Managing Associate


Cameron Carr provides strategic advice to clients on cyber incident response and cyber risk management. He also uses his experience to offer practical advice on cyber insurance coverage and policy wordings.

Cameron has supported clients across a substantial number of high-profile cyber incidents, both in the UK and abroad. As breach response counsel, he has co-ordinated multiple expert teams to help clients respond to sophisticated malicious cyber acts and wider cyber incidents.

He applies his experience on the ground to his approach to cyber risk management and insurance. He has advised on multiple cyber insurance policy wordings and “silent cyber” projects across the London market.

He also provides strategic advice to incident response firms, including those looking to enhance market presence in incident response, and threat intelligence.

Cameron has completed two secondments in claims teams at major international insurers.

  • Cyber Breach Response

    • Representing a large international financial provider following a sophisticated ransomware incident.
    • Representing a UK public body following a major ransomware attack and resulting in a substantive data subject notification exercise.
    • Representing a number of educational bodies following a scourge of PYSA cyberattacks including notifying data subjects following data exfiltration and publication.
    • Representing a construction firm during a ransomware incident involving triple extortion tactics and facilitating relevant ransomware negotiations.
    • Successfully bringing an injunction against a third-party file sharing site in New Zealand following the publication of sensitive data.
    • Representing a major international insurer in co-ordinating its global response to an incident involving its data processor including management of local counsel and weekly board reports.
    • Representing over 100 different clients in response to ransomware, business email compromise, card skimming and cryptojacking incidents.

    Cyber Policy Wordings

    • Assisting an international insurance representative body on a new cyber exclusion for the London market.
    • Advising an international insurer on an extensive systemic risk review on cyber risk and advising on extensive policy revisions across multiple lines of business.
    • Advising an international specialty carrier on a new cyber product for the London market.

    Privacy Litigation

    • Representing an international insurance broker in data subject litigation following the inadvertent publication of client details.
    • Representing a UK-based charity in actions for breach of GDPR, Misuse of Private Information and Breach of Confidence following a cyber incident involving a supplier.
    • Representing educational bodies following PYSA data incidents following claims from former employees arising from the publication of data.
    • Defending a claim made against an IT provider arising from its management of a major ransomware incident.

    Please note: Cameron’s experience includes that prior to joining Orrick.