Cyber_Bytes - Issue 33

16 June 2021. Published by Richard Breavington, Partner and Daniel Guilfoyle, Partner and Ian Dinning, Senior Associate and Rachel Ford, Senior Associate and Christopher Ashton, Senior Associate and Bethan Griffiths, Senior Associate

Welcome to Cyber_Bytes, our bi-weekly round up of key developments in cyber, tech and evolving risks.

Come and meet us in September: RPC at London Tech Week

RPC are delighted to be hosting a series of in-person events and experiences in a multifunctional collaboration space around London Tech Week this September.

Join us as we bring together founders, award-winning authors, philanthropists, business leaders, pioneering women and investors to discuss the vital role technology plays in the UK's retail, insurance and tech sectors.

For information on specific events and to register, please visit our events page.

High Court delivers judgement with significant potential effects on recoverability of ATE premiums in data breach cases

The number of claims issued in the High Court with a data protection element continues to increase. Whilst claims for breach of data protection legislation alone do not qualify for recovery of ATE premiums from unsuccessful defendants under Legal Aid, Sentencing and Punishment of Offenders Act 2012, a common tactic of claimant law firms to get around this has been to add in claims in misuse of private information and breach of confidence.

The recent judgment in Darren Lee Warren v DSG Retail Limited provides much needed clarity in relation to the availability of these causes of action in instances where a criminal third party is involved. It confirms that claims of misuse of private information and breach of confidence do not have a realistic likelihood of success in these situations and is likely to have a significant impact on the claims landscape in this area.

Click here to read RPC's blog on the case, including its potential impact on ATE insurance arrangements

Cyber insurance provider Coalition Inc. sees size of claims paid for Ransomware attacks declining

Whilst the average ransom demand made by cyber criminals continues to increase, the amount of ransom actually being paid is generally decreasing according to Coalition Inc. The ransomware attacks against small and mid-size businesses are also growing, with cyber criminals focusing on an organisation's defences (or lack thereof) rather than its size. Overall, Coalition has observed a recent decline in ransomware attacks, with cyber criminals making a shift towards other forms of attacks such as Business Email Compromises and File Transfer Fraud.

Click here to read more.

Ethical hackers collaborate with UK defence to strengthen cyber security

The Ministry of Defence (MOD) have recently made use of the Bug Bounty programme, which saw 26 ethical hackers collaborate with US-based organization, HackerOne, to identify and fix key vulnerabilities within the MOD's cyber systems. This is in line with the UK Government's strategy to strengthen security and ensure better resilience across its departments and demonstrates the Government's openness and willingness to embrace new tools to secure cyber systems.

Click here to read more.

Marsh and trade body examine cyber risk governance of foreign banks in the UK: Cyber risk management faces significant local threat

A report released by Marsh and the Association of Foreign Banks has highlighted the disconnect between non-UK headquartered banks and the responsibilities of their UK subsidiaries and branch offices in terms of cyber governance.

The report details how local boards and management of foreign banks need to take action to be able to identify and manage cyber risks effectively within their UK operations, so as to ensure local regulatory requirements are adhered to and to improve the cyber security and resilience of the UK financial sector as a whole.

Click here and here to read more.

Zurich - Cyber risk management culture: people and processes

People and processes are key to addressing cyber risks, according to Oliver Delvos, global cyber underwriting manager at Zurich. With many companies continuing to miss the basics of good cyber hygiene this article focusses on what organisations big and small can do to limit their cyber exposures including items that should not be overlooked among the excitement of new technologies and digitalisation.

Click here to read more.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.