Tag Archives: ENISA

Late yesterday (7 December) the EU institutions reached a deal on the Network and Information Security Directive. The Directive will introduce new cyber security requirements for providers of key infrastructure, and oblige them to report details of cyber attacks to the authorities. The deadline for bringing the new rules into force will be in Q3 2017. Businesses which fall within the Directive’s definition of “digital service providers” – including online market places, cloud computing and search engines – will also be subject to security and breach notification requirements. The final text of the Directive is still awaited. Datonomy will provide further analysis once the text becomes available.
What’s new?
On 7 December, after many months of trilogue negotiations, the EU institutions reached a compromise on the text of the NISD. The European Commission issued this press release and the Council of the European Union followed suit swiftly with this … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): The second trilogue negotiation is, according to this previously released (unofficial) timetable for completion, scheduled for today, 14 July. The second meeting will focus on the issues of territorial scope (Article 3) and international transfers (Chapter V). This 682-page document dated 8 July, but not yet uploaded to the Council’s website, has been leaked by Statewatch. It is a line-by-line table comparing the Commission, EP and Council’s respective negotiating positions on the whole Regulation. Regarding the issues of data security, data breach notifications and processor obligations contained in Chapter IV of the draft, according to the above unofficial timetable, these are due to be negotiated in September. Although there are some differences of detail between the institutions’ … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • Latest UK stats on breach notification: The Information Commissioner’s Office published its annual report for 2014/2015 on 1 July 2015. It includes statistics on data breach and data loss incidents reported voluntarily to the ICO (1,677 self-reported incidents, resulting in 1,707 investigations, £692,500 of fines, 3 enforcement notices and 26 undertakings). There were 285 data breach reports by communications service providers under the compulsory PECR regime, and one CSP was fined for late notification. It also includes statistics and trends on sources of complaints to the ICO – with security related complaints rising from 6% to 8% of all complaints reported to the ICO compared to the previous year – and on the type of enforcement action taken by the ICO in response. Read the … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): As Datonomy readers will by now be well aware, on 15 June the GDPR reached another key milestone with the EU Council (i.e. Member States) adopting their “general approach” to negotiating the whole proposal with the Parliament and the Commission. This means that all three EU institutions have declared their negotiating stance on the wide-ranging proposal and that three-way negotiations can now begin. The first such trilogue is scheduled for 24 June, with a six-month provisional timetable recently outlined by a group of MEPs here, aimed at adoption of the proposal by the end of 2015. Given the complexity of the proposal and the fact that it has already taken three and a half years to … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • PwC has released its 2015 Information Security Breaches Survey, conducted on behalf of the Department for Business, Innovation and Skills. Some of the key findings from the report include:
    • There has been an increase in the number of large and small organisations suffering security breaches (90% of large organisations reported that they suffered a security breach – up from 81% in 2014);
    • For large organisations, the median number of security breaches for a year was 14;
    • The average cost of the worst single breach suffered by large organisations has more than doubled (from £600k to £1.46m);
    • Despite this increased severity, employee vigilance appears not to be improving, as 50% of the worst breaches suffered were attributed to inadvertent human error (up from 31% in 2014).
  • On the back … Continue Reading ››
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP.
Reports and statistics
The Ponemon Institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly.
UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with … Continue Reading ››
Datonomy will be taking a short break over the upcoming UK bank holiday, so here is this week's round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP, a little sooner than usual.
UK policy and regulatory developments
  • CERT-UK has published its first annual report detailing the major pieces of malware that have operated in the UK over the last year (spread by criminal groups and nation states), a sector breakdown, a review of the Cyber Europe 2014 programme and the Cyber Security Information Sharing Partnership (CiSP), in addition to six predictions for 2015/2016, that include:
    • The supply chain will be hit hard (following supply chain weaknesses exploited in the attacks on US companies JP Morgan, Target and Home Depot, the threat is expected to cross the Atlantic this year);
    • Mobile devices will be a single point of failure for business and … Continue Reading ››