Cyber Bytes banner RPC law

Cyber_Bytes - Issue 22

15 September 2020. Published by Richard Breavington, Partner and Rachel Ford, Associate and Ridvan Canbilen, Associate

Welcome to the latest edition of Cyber_Bytes, our bi-weekly roundup of key developments in cyber, tech and evolving risks.

Government consultation on permitting "representative action" where an individual’s data rights have been infringed without specific authorisation by the data subject

A new consultation by the government seeks input on whether individuals whose data protection rights are violated but who cannot readily authorise a non-profit organisation to act on their behalf (e.g. children or vulnerable adults) should be able to be represented by non-profit organisations without their specific authorisation.

To read more, please click here.

SRA publishes cybersecurity thematic review

The SRA has published the results of a review in which it interviewed law firms about their experiences with cybercrime. 

Of the 40 law firms interviewed, 30 had suffered a cyber attack and 23 saw a total of more than £4m in client money stolen as a result of cybercrime. In addition, 60% of the law firms felt that their biggest potential vulnerability to cybercrime was linked to the knowledge and behaviours of their staff. 

To read more, please click here.

Whistleblower reports to the ICO over data breaches reach an all-time high

Between April 2019 and March 2020, employees made 427 complaints to the ICO, which is a 34% increase compared to last year. The ICO took further action in 68 out of the 427 reports, with 23 considered for investigations. The ICO has also been encouraging employees to come forward with concerns about data mishandling. 

Whilst the ICO has said that it will be more flexible when investigating organisations and will take into account the challenges they face, RPC's Richard Breavington comments that it would be wrong to think that is a "free pass” and that whistleblowing is now a "major risk" for businesses that fail to deal with a data breach properly, or who have failed to take reasonable steps to protect the data they hold on their customers.

To read more, please click here and here.

Partnership between Oxford University and Willis Towers Watson to better understand the impact of current and future cyber incidents and risks

Research to be carried out will focus on cost of equity in publicly listed companies, following severe security breaches, the nature of cyberattack “resilience”, and the current risk landscape of AI-facilitated phishing and the implications this has specifically for the insurance sector.

The partnership aims to ensure clients can benefit from the in-depth research findings but also from sharing best practice across the industry.

To read more, please click here.

Inside job: Two-thirds of companies hit by insider cyber attacks

A new report has been published, indicating that some 61% of businesses surveyed have had at least one cyber incident attributable to an employee in the last 12 months, with almost a quarter (22%) reporting up to six separate incidents.  It is important to be clear that for these purposes, insider threats are classed as those that stem from an employee, whether deliberate or accidental. 

To read more, please click here