Tag Archives: cyber security

ICO publishes response to consultation on European Commission’s implementing regulation to the NIS Directive

The Information Commissioner, Ms Elizabeth Denham, has published her comments on the European Commission’s consultation on the draft implementing regulation (“Implementing Regulation”) of the Network and Information Security Directive ((EU) 2016/1148) (“NIS Directive”). The Implementing Regulation sets out the further elements that need to be taken into account by digital service providers (“DSPs”) under the … Continue Reading

UK government publishes digital strategy to create and support a secure and thriving data economy

On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.” The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading

FDA Releases Guidance on Cybersecurity and Medical Devices

The FDA represents the latest federal agency to show a focus on cybersecurity issues with the release on December 28 of new guidance. While the prospect of network-enabled medical devices increasingly offers the promise of improved care and patient treatment, evolving technology and new-found connectivity present emerging security considerations as well. The Food and Drug Administration … Continue Reading

FCA and G7 issue cybersecurity guidelines for the financial sector

In its speech at the FT Cyber Security Summit, the FCA has outlined its approach to cybersecurity in financial services firms. In addition to this, the Group of 7 (“G7”) has issued an 8-point framework for the financial sector as a push for financial firms to design a cybersecurity strategy. We explore each piece of … Continue Reading

Practical Cybersecurity Guidance from TheCityUK and Marsh

TheCityUK and Marsh have jointly published a report urging UK financial and related professional services sectors to step up their efforts to address cyber risk. The report (headed “Cyber and the City”) suggests that cybersecurity is still not being given the priority it deserves, particularly given the substantial disruption, costs and reputational damage that can … Continue Reading

Cyber Security Takes Centre Stage in UK Government’s Strategy

The UK Department for Culture, Media and Sport recently released a statement on cyber security, in which it urged businesses to take better care to protect against cyber criminals. This statement follows publication of its Cyber Security Breaches Survey 2016, which revealed that two-thirds of large businesses had suffered a cyber attack in the preceding … Continue Reading

The Network and Information Security Directive: Serious Cyber Attacks Will Require Notification

The Council of the European Union adopted the EU Network and Information Security (NIS) Directive (the ‘Directive’) on 17 May, ready for final adoption by the European Parliament. The Directive, initially proposed in 2013, has been progressing through the EU legislative procedure for some time. As we reported in December last year, the Directive covers the … Continue Reading

The Future of the NIST Cybersecurity Framework

On April 5-7 2016, the National Institute of Science and Technology (NIST) hosted a workshop on its popular Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The workshop was preceded by a request for information that prompted 105 responses, many from industry associations representing hundreds of companies. The discussions at the workshop are likely to influence … Continue Reading

A New EU Era of Cybersecurity on the Horizon

After almost three years, consensus has finally been reached on the text of the Network and Information Security (“NIS”) Directive, the first-ever, EU-wide cyber security regulation. The NIS Directive (or Cybersecurity Directive) lays down baseline cybersecurity and mandatory breach reporting obligations on critical infrastructure operators and digital service providers across the EU. The Directive also … Continue Reading

Lessons Learned from Ashley Madison Breach

Recent cybersecurity trends have shown that no company is safe from the threat of a data breach. It is now a matter of “when”, not “if”, a breach will occur. Companies and their employees can take preventive measures such as establishing network monitoring, developing a robust data security programme, implementing an incident response plan, and … Continue Reading

ENISA, European cybersecurity agency, releases 2014 annual activity report

On July 28, the European Union Agency for Network and Information Security (ENISA) published its Annual Activity Report 2014. The report summarises its operations and programs from the previous year, and highlights the areas in which it feels it has contributed the most to Europe’s data protection and cybersecurity environment. The ENISA prides itself on … Continue Reading

Germany passes new cyber-security law

On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading

UK offers improved cyber security training to boost procurement profession

On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading

Domestic cyber issues no more? International cyber security collaboration continues to grow

A report by PWC on the Global State of Information Security Survey identified that 2014 saw a 48% increase of security incidents over 2013, with the resulting financial loss increasing by an average of 34%. In the United States, President Obama called cyber threats from overseas a ‘national emergency’; and the UK Department of Business … Continue Reading

Cybersecurity Risks Are Higher than Ever and Are Proving Costly

Cybersecurity is an increasing concern for companies. Last April, the UK Department for Business, Innovation & Skills (BIS) published the 2014 information security breaches survey: technical report. The report comprises the findings from two online questionnaires completed by 1,125 respondents, and contains a number of important cyber-attack statistics for both large organisations and small businesses. … Continue Reading

EU Art. 29 Assesses Cybercrime Assessment

The Article 29 Data Protection Working Party (Working Party) sent a letter to the Council of Europe discussing its first assessment of several cybercrime scenarios presented at the 2014 Cybercrime@Octopus conference (Conference). The scenarios that sought to create “discussion on the consequences of data protection legislation and principles when obtaining such data in a criminal … Continue Reading

European Commission releases communication on building a data-driven economy, calling for a rapid conclusion to data-protection reform

In July, the European Commission (‘Commission’) published a communication titled “Towards a thriving data-driven economy” (‘Communication’), setting out the conditions that it believes are needed to establish a single market for big data and cloud computing. The Communication recognizes that the current legal environment is overly complex, creating “entry barriers to SMEs and [stifling] innovation.” … Continue Reading

The EU Cyber Security Directive: Latest Developments

The Cyber Security Directive (formally known as the Network & Information Security Directive) (the Directive) was considered by the European Parliament (the Parliament) in March. After a first reading of the Directive, MEPs voted strongly in favour of its progression to the next stage of the legislative process. This will involve negotiations between the European … Continue Reading

Cyber-Security in Corporate Finance

This post was written by Cynthia O’Donoghue and James Wilkinson. The ICAEW has partnered with a task force, including the Law Society, the London Stock Exchange, the Takeover Panel and the Confederation of British Industry, to publish a guide on ‘Cyber-Security in Corporate Finance’ for 2014. Please click here to read the issued Client Alert. … Continue Reading

New UK Cyber Security Principles Released

Back in 2011, the Cabinet Office launched a cyber security strategy outlining steps the UK Government would take to tackle cyber crime by 2015. The National Cyber Security Programme invested £650 million funding to support the strategy ‘Protecting and Promoting the UK in a digital world’. Measures proposed by the strategy included: Reviewing existing legislation, … Continue Reading

NIST Cybersecurity Framework

This post was written by Timothy J. Nagle. NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October. Comments were due by December 13th, and many industries, sectors and organizations have provided input. There is general industry support for the purpose, content, and collaborative development of the Framework, … Continue Reading

EU Announces Plans for a Cyber-Security Bill

This post was written by Cynthia O’Donoghue. At an Information Security Conference on 4 November 2012, the EU Commissioner for a Digital Agenda, Neelie Kroes, revealed plans to introduce legislation involving the implementation of a high level of network and information security across the EU, effectively extending the obligations to adopt risk management measures to … Continue Reading

New UK Cyber-security Initiative to Assist Organisations facing Cyber Threats

CESG, the Information Assurance arm of UK Government Communications Headquarters (GCHQ), in collaboration with the Centre for the Protection of National Infrastructure (CPNI), has launched a new initiative called ‘Cyber Incident Response’. The scheme will offer organisations facing cyber threats the opportunity to contact companies certified to respond effectively to the consequences of cyber-attacks. The … Continue Reading