Last week in the US, a Georgia county paid a ransomware criminal $400,000 (about £302,000) to release its IT systems. The malware resulted in almost the entire local government system taken offline and processes revert to paper; officials decided that …
Can you imagine an ostrich, with its head in the ground, backing toward a precipitous cliff-edge? Highly unlikely, I know, but then there’s the UK Parliament… In the great Brexit debate, the leaders of both the UK’s main political parties …
CyRiM’s (Cyber Risk Management Project) chilling report, Global infection by contagious malware , describes a scenario in which a well-resourced, motivated and malicious cyber team creates a self-replicating worm that encrypts all devices and wipes backups. I recently commented on what …
According to research carried out for Carbon Black, an endpoint security company, 88% of UK organisations reported they suffered a cyber breach in the past 12 months, with the average breaches per organisation running at 3.67! Attacks have become more …
Anyone who does even a limited amount of analysis of the ICO’s (Information Commissioner’s Office) website can see that, on average in the UK, the time elapsed between the committing of an offence under data protection legislation and the consequent …
Historically, data protection fines tended to be triggered by either cyber breaches or some process or system failure that led to personal data being exposed. Two of the first fines imposed under the GDPR (General Data Protection Regulation) point to …
Everyone now knows that a personal data breach may lead to an ICO (Information Commissioner’s Office) investigation, financial penalties and/or other regulatory action. But what about the commercial consequences? It’s long been a standard observation that data breaches lead to …
While the recent statutory instrument that amends the PECR (Privacy and Electronic Communications Regulations) appears to be aimed at the directors of organisations that brazenly flout the law in respect of direct marketing (whether by email or telephone), the reality …
There is a trend among organisations that suffer data breaches – such as Eurostar, which has just identified a major data breach – to downplay their impact by saying things like ‘while usernames and passwords were compromised, the good news …
The Court of Appeal has upheld the lower court decision that supermarket chain Morrisons is vicariously liable for a data breach by an employee. The detail of this decision is interesting. The Court found that, as Morrisons had instructed the …
