CyRiM’s (Cyber Risk Management Project) chilling report, Global infection by contagious malware, describes a scenario in which a well-resourced, motivated and malicious cyber team creates a self-replicating worm that encrypts all devices and wipes backups. I recently commented on what …
According to research carried out for Carbon Black, an endpoint security company, 88% of UK organisations reported they suffered a cyber breach in the past 12 months, with the average breaches per organisation running at 3.67! Attacks have become more …
Anyone who does even a limited amount of analysis of the ICO’s (Information Commissioner’s Office) website can see that, on average in the UK, the time elapsed between the committing of an offence under data protection legislation and the consequent …
Historically, data protection fines tended to be triggered by either cyber breaches or some process or system failure that led to personal data being exposed. Two of the first fines imposed under the GDPR (General Data Protection Regulation) point to …
Everyone now knows that a personal data breach may lead to an ICO (Information Commissioner’s Office) investigation, financial penalties and/or other regulatory action. But what about the commercial consequences? It’s long been a standard observation that data breaches lead to …
While the recent statutory instrument that amends the PECR (Privacy and Electronic Communications Regulations) appears to be aimed at the directors of organisations that brazenly flout the law in respect of direct marketing (whether by email or telephone), the reality …
There is a trend among organisations that suffer data breaches – such as Eurostar, which has just identified a major data breach – to downplay their impact by saying things like ‘while usernames and passwords were compromised, the good news …
The Court of Appeal has upheld the lower court decision that supermarket chain Morrisons is vicariously liable for a data breach by an employee. The detail of this decision is interesting. The Court found that, as Morrisons had instructed the …
Facebook has, in respect of its data breach earlier this year, been fined the maximum £500,000 allowed under the DPA (Data Protection Act) 1998. It’s lucky the breach was discovered before 25 May 2018; if the fine had been levied …
Ransomware is a fact of life, right? Sooner or later, a member of staff is going to click a malicious link or visit a dodgy website, and a ransomware product will download and install itself. There are three ways you …