Rachael Falk
Partner, Risk Advisory
Sydney
-
Overview
-
Experience
Introduction
Rachael is widely known in Australia for her extensive knowledge and deep experience in cyber security and related regulation.
She advises Boards and executive teams on high-profile cyber incidents, governance reviews, and resilience, bringing deep operational, legal, and regulatory expertise. She works closely with the Legal team advising on how to interpret and operationalise the Security of Critical Infrastructure Act 2018.
Earlier in her career, Rachael practised as a lawyer at Blake Dawson Waldron (Ashurst) then for over a decade as a Legal Counsel at Telstra Corporation Limited. Rachael Prior to joining Ashurst Perkins Coie, Rachael served as the Chief Executive Officer of the Cyber Security Cooperative Research Centre for more than six years, where she ran a cyber security research organisation with a multi-year program collaborating between industry, government and academia.
During that time, Rachael was asked by the Australian government to lead an Independent Review of the Australian Government's response to two major cyber incidents. Her work informed significant reforms, including the introduction of Australia's Cyber Security Act and updates to the Security of Critical Infrastructure Act.
Rachael co-authored the Australian Institute of Company Directors & Ashurst Governing Through a Cyber Crisis and both editions of the Cyber Governance Principles. She serves as a Distinguished Advisor at the ANU National Security College and on the RAND Australia Advisory Board.
- DigiCo Infrastructure REIT | 2025 | Advised on SOCI Governance and support.
- Cyber incidents response (various) | Working with Ashurst Perkins Coie Legal on advising on all aspects related to Post Incident Reviews, remediation and uplift
- M&A | Cyber due diligence in relation to acquisition
- SOCI Act | Advising boards and internal teams on operationalising various obligations of SOCI
- Data Centres | Advising on SOCI and related obligations, Board obligations and establishing a Risk Management Plan
Latest thinking
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.
-
Business Insight 
APRA and ASIC Sound the AI Alarm for Boards and Executives
May 11, 2026
Discover more -
Business Insight 
Frontier cyber AI: Be alert, but no need to panic... if you take action now
April 15, 2026
Discover more -
Business Insight
Your Board, Their Rules: Inside SOCI's Proposed Ministerial Powers
April 15, 2026
Discover more -
Case studies 
Post-incident cyber governance review - Listed Transport Company
April 08, 2026
Discover more -
Case studies 
Responding to a global cyber incident - Major Multinational Corporation
April 08, 2026
Discover more -
Case studies 
End-to-end cyber incident support - CS Energy
April 08, 2026
Discover more -
Case studies 
Cyber readiness review & simulation - Tier 1 Bank
April 08, 2026
Discover more -
Case studies 
Cyber incident transport & operational disruption - UK Public Transport Authority
April 08, 2026
Discover more -
Case studies 
Critical infrastructure sector resilience - Industry Owned Governance Body
April 08, 2026
Discover more -
Case studies 
Strategic cyber adviser to the CEO & Board - Medibank Private
April 08, 2026
Discover more -
Legal development 
How Australia's ASIC v FIIG decision supports your cyber investment business case
March 25, 2026
Discover more -
Business Insight 
Cyber readiness lessons from Australian Clinical Labs and Australia's first privacy penalty
October 20, 2025
Discover more
Latest news, deals and awards
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.