Tag Archives: NISD

The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP. Reports and statistics  The Ponemon institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly . UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with … Continue Reading ››
Datonomy will be taking a short break over the upcoming UK bank holiday, so here is this week's round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP, a little sooner than usual. UK policy and regulatory developments
  • CERT-UK has published its first annual report detailing the major pieces of malware that have operated in the UK over the last year (spread by criminal groups and nation states), a sector breakdown, a review of the Cyber Europe 2014 programme and the Cyber Security Information Sharing Partnership (CiSP), in addition to six predictions for 2015/2016, that include:
    • The supply chain will be hit hard (following supply chain weaknesses exploited in the attacks on US companies JP Morgan, Target and Home Depot, the threat is expected to cross the Atlantic this year) ;
    • Mobile devices will be a single point of failure for business and … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • The Department for Business, Innovation and Skills has announced the addition of two more participating companies to the cybersecurity supplier to government scheme.  The NCC Group and Perspective Risk Ltd can now advertise themselves as companies supplying a cybersecurity product to the UK government and use the government’s logo in marketing materials in order to increase the UK’s cybersecurity exports.
EU policy and regulatory developments
  • Network and Information Security Directive (NISD): There is a frustrating dearth of information in the public domain about the latest progress on the NISD. The EU Council’s Consilium website page on the Directive has been updated with the following report: A third trilogue meeting took place on 30 April 2015. Although progress was made during the trilogue, important differences remain between the … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • Election special: It will be interesting to see what the new Conservative Government means for cybersecurity. The Conservative manifesto pledged to continue investment in cyber defence capabilities and improve response to cyber crime with reforms to police training (including the use of volunteer  “Cyber Specials”).  Datonomy will be looking out for new policy announcements - the state opening of Parliament and the Queen’s Speech will be on 27 May.  In terms of ministerial appointments which may have a bearing on cyber policy, these include: Matt Hancock, who has replaced Francis Maude as Minister for the Cabinet Office, Oliver Letwin who is in overall charge of the Cabinet Office and Sajid Javid, the new  Secretary of State for Business, Innovation and Skills.
  • On 7 May the … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • According to SC Magazine, the Bank of England has approved its first commercial provider of CBEST threat intelligence and penetration testing (read more from Datonomy about the financial sector CBEST programme here).  The company now approved to assess financial sector companies’ preparedness for a cyber attack is BAE Systems.
EU policy and regulatory developments
  • Network and Information Security Directive (NISD):  as we reported in last week’s update, the next trilogue meeting on the draft Directive was reportedly taking place on 30 April.  As yet we have been unable to find any progress reports in the public domain, other than a headline on the EU Issues Tracker Service (subscription required) indicating that the Council’s permanent representatives are due to receive a debrief today, 5 May, indicating … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network and Information Security Directive (NISD): the Council is reported to be meeting today (27 April) to discuss its position further, and the next trilogue is reported to be taking place on Thursday, 30 April.  The Council has publicised two new documents relating to the draft on its website, dated 1 and 17 April.  These are entitled, respectively, State of Play and  “Presidency’s proposal on the way forward”.  Frustratingly, they have not yet uploaded and do not appear to be in circulation in the public domain.  On 24 April, the MLex Service (subscription only) carried a helpful report explaining the latest twists and turns on negotiations over the controversial issue of whether key internet services should be subject to the Directive. According to MLex, two … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network and Information Security Directive: Last week the MLex service (subscription required) reported on the EU Commission’s continued effort to include key web services in the list of companies who would, under the proposed NISD, have to notify authorities whenever their systems have been hacked or otherwise compromised. Social networks, search engines, online payment facilitators, e-commerce platforms, cloud-computing services and app stores would be within scope the under the draft originally proposed by the Commission in 2013, along with more conventional critical infrastructure providers.  The extended definition, which could catch approximately 1,400 internet companies based in Europe, continues to be hotly debated by state governments, EU parliamentarians (who have voted to keep web services out of scope)  and industry leaders (with the Internet and IT … Continue Reading ››