• Blue Coat Systems, Inc., a cybersecurity firm that counts 80% of the Fortune 500 as customers and blocks over three million threats a day, agreed to be acquired by the investment firm, Bain Capital, for $2.4 billion. Blue Coat was previously bought by the private equity firm Thoma Bravo LLC for $1.3 billion in 2012.
  • PayPal paid $60 million for cybersecurity firm CyActive. As the finance sector faces continued pressure from investors to provide online security, PayPal is keen to bolster its cyber credentials.  CyActive specialise in “predictive cybersecurity”.
  • The latest Cybersecurity 500 (containing the cybersecurity companies to watch in 2015) has been released, and features only 11 UK companies, as reported by TechWorld.
  • The cybersecurity firm, Darktrace, announced that it will be investing $18 million in hiring new recruits. CEO, Nicole Eagan, is particularly keen to narrow the gender gap within the industry by looking for more female … Continue Reading ››
A fourth trilogue meeting to agree the Network and Information Security Directive (NISD) took place yesterday, 29 June.  The Council’s Latvian Presidency, whose term ends today, published this release heralding the “breakthrough” in talks with the European Parliament to finalise the law. However, this is an “understanding on the main principles” of the Directive, rather than an agreement on the final text. The most controversial aspect of the proposal – namely the extent to which online platforms should be subject to the new requirements on breach reporting – does not appear to have been fully resolved. The press release states that: “It was agreed that digital service platforms would be treated in a different manner from essential services.  The details will be discussed at a technical level.”  It is unclear at this stage just how differently, and what this might mean in practice.   The UK is one of the Member States … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network Information Security Directive (NISD): The indications are that further trilogue negotiations to agree the Directive are due to take place, today 29 June. “Rapid” adoption of the NISD, and adoption of the GDPR by the end of the year, were among the conclusions adopted by Member States at the EU Council meeting on 25 and 26 June. A debrief from the trilogue is on the agenda for a meeting of the Council’s permanent representatives in Brussels tomorrow. The Council’s telecoms working party is due to meet on 2 July and according to this agenda there will be a debrief on the latest trilogue negotiations. Over the past week, further preparatory documents related to the trilogue - dated 23 and 26 June … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments 
  • General Data Protection Regulation (GDPR): As Datonomy readers will by now be well aware, on 15 June the GDPR reached another key milestone with the EU Council (i.e. Member States) adopting their “general approach” to negotiating the whole proposal with the Parliament and the Commission. This means that all three EU institutions have declared their negotiating stance on the wide ranging proposal and that three way negotiations can now begin.  The first such trilogue is scheduled for 24 June, with a six month provisional timetable recently outlined by a group of MEPs here, aimed at adoption of the proposal by the end of 2015.  Given the complexity of the proposal and the fact that it has already taken three and a half years to … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • On 11 June the much-anticipated Report of the Investigatory Powers Review (or Anderson Report) was published, making recommendations for overhaul of the UK’s regimes for communications data retention and communications interception. It will inform the government’s promised Investigatory Powers Bill which is due to be published in the autumn for pre-legislative scrutiny. The news has been widely covered by the BBC, the Guardian and there is tech industry reaction on the website of Tech UK.
EU policy and regulatory developments
  • Network Information Security Directive (NISD): Inter-insitutional agreement on the draft Directive before the end of June – when the rotating Council Presidency will change hands from Latvia to Luxembourg – is looking less likely. The Telecoms Council met on 12 June to discuss … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • PwC has released its 2015 Information security breaches survey, conducted on behalf of the Department for Business, Innovation and Skills.  Some of the key findings from the report include:
    • There has been an increase in the number of large and small organisations suffering security breaches (90% of large organisations reported that they suffered a security breach – up from 81% in 2014);
    • For large organisations, the median number of security breaches for a year was 14;
    • The average cost of the worst single breach suffered by large organisations has more than doubled (from £600k to £1.46m);
    • Despite this increased severity, employee vigilance appears not to be improving as the 50% of the worst breaches suffered were attributed to inadvertent human error (up from 31% in 2014).
  • On the back … Continue Reading ››
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP. Reports and statistics  The Ponemon institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly . UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with … Continue Reading ››