Tag Archives: Cert-UK

The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP. Reports and statistics  The Ponemon institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly . UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with … Continue Reading ››
Datonomy will be taking a short break over the upcoming UK bank holiday, so here is this week's round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP, a little sooner than usual. UK policy and regulatory developments
  • CERT-UK has published its first annual report detailing the major pieces of malware that have operated in the UK over the last year (spread by criminal groups and nation states), a sector breakdown, a review of the Cyber Europe 2014 programme and the Cyber Security Information Sharing Partnership (CiSP), in addition to six predictions for 2015/2016, that include:
    • The supply chain will be hit hard (following supply chain weaknesses exploited in the attacks on US companies JP Morgan, Target and Home Depot, the threat is expected to cross the Atlantic this year) ;
    • Mobile devices will be a single point of failure for business and … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • Election special: It will be interesting to see what the new Conservative Government means for cybersecurity. The Conservative manifesto pledged to continue investment in cyber defence capabilities and improve response to cyber crime with reforms to police training (including the use of volunteer  “Cyber Specials”).  Datonomy will be looking out for new policy announcements - the state opening of Parliament and the Queen’s Speech will be on 27 May.  In terms of ministerial appointments which may have a bearing on cyber policy, these include: Matt Hancock, who has replaced Francis Maude as Minister for the Cabinet Office, Oliver Letwin who is in overall charge of the Cabinet Office and Sajid Javid, the new  Secretary of State for Business, Innovation and Skills.
  • On 7 May the … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • According to SC Magazine, the Bank of England has approved its first commercial provider of CBEST threat intelligence and penetration testing (read more from Datonomy about the financial sector CBEST programme here).  The company now approved to assess financial sector companies’ preparedness for a cyber attack is BAE Systems.
EU policy and regulatory developments
  • Network and Information Security Directive (NISD):  as we reported in last week’s update, the next trilogue meeting on the draft Directive was reportedly taking place on 30 April.  As yet we have been unable to find any progress reports in the public domain, other than a headline on the EU Issues Tracker Service (subscription required) indicating that the Council’s permanent representatives are due to receive a debrief today, 5 May, indicating … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network and Information Security Directive (NISD): the Council is reported to be meeting today (27 April) to discuss its position further, and the next trilogue is reported to be taking place on Thursday, 30 April.  The Council has publicised two new documents relating to the draft on its website, dated 1 and 17 April.  These are entitled, respectively, State of Play and  “Presidency’s proposal on the way forward”.  Frustratingly, they have not yet uploaded and do not appear to be in circulation in the public domain.  On 24 April, the MLex Service (subscription only) carried a helpful report explaining the latest twists and turns on negotiations over the controversial issue of whether key internet services should be subject to the Directive. According to MLex, two … Continue Reading ››