Cyber Bytes banner RPC law

Cyber_Bytes - Issue 33

16 June 2021. Published by Richard Breavington, Partner and Daniel Guilfoyle, Partner and Ian Dinning, Senior Associate and Rachel Ford, Senior Associate and Christopher Ashton, Senior Associate and Bethan Griffiths, Senior Associate and Ridvan Canbilen, Associate

Welcome to Cyber_Bytes, our bi-weekly round up of key developments in cyber, tech and evolving risks.

Come and meet us in September: RPC at London Tech Week

RPC are delighted to be hosting a series of in-person events and experiences in a multifunctional collaboration space around London Tech Week this September.

Join us as we bring together founders, award-winning authors, philanthropists, business leaders, pioneering women and investors to discuss the vital role technology plays in the UK's retail, insurance and tech sectors.

For information on specific events and to register, please visit https://www.rpc.co.uk/events/london-tech-week/

High Court delivers judgement with significant potential effects on recoverability of ATE premiums in data breach cases

The number of claims issued in the High Court with a data protection element continues to increase. Whilst claims for breach of data protection legislation alone do not qualify for recovery of ATE premiums from unsuccessful defendants under Legal Aid, Sentencing and Punishment of Offenders Act 2012, a common tactic of claimant law firms to get around this has been to add in claims in misuse of private information and breach of confidence.

The recent judgment in Darren Lee Warren v DSG Retail Limited provides much needed clarity in relation to the availability of these causes of action in instances where a criminal third party is involved. It confirms that claims of misuse of private information and breach of confidence do not have a realistic likelihood of success in these situations and is likely to have a significant impact on the claims landscape in this area.

Click here to read RPC's blog on the case, including its potential impact on ATE insurance arrangements

Cyber insurance provider Coalition Inc. sees size of claims paid for Ransomware attacks declining

Whilst the average ransom demand made by cyber criminals continues to increase, the amount of ransom actually being paid is generally decreasing according to Coalition Inc. The ransomware attacks against small and mid-size businesses are also growing, with cyber criminals focusing on an organisation's defences (or lack thereof) rather than its size. Overall, Coalition has observed a recent decline in ransomware attacks, with cyber criminals making a shift towards other forms of attacks such as Business Email Compromises and File Transfer Fraud.

Click here to read more.

Ethical hackers collaborate with UK defence to strengthen cyber security

The Ministry of Defence (MOD) have recently made use of the Bug Bounty programme, which saw 26 ethical hackers collaborate with US-based organization, HackerOne, to identify and fix key vulnerabilities within the MOD's cyber systems. This is in line with the UK Government's strategy to strengthen security and ensure better resilience across its departments and demonstrates the Government's openness and willingness to embrace new tools to secure cyber systems.

Click here to read more.

Marsh and trade body examine cyber risk governance of foreign banks in the UK: Cyber risk management faces significant local threat

A report released by Marsh and the Association of Foreign Banks has highlighted the disconnect between non-UK headquartered banks and the responsibilities of their UK subsidiaries and branch offices in terms of cyber governance.

The report details how local boards and management of foreign banks need to take action to be able to identify and manage cyber risks effectively within their UK operations, so as to ensure local regulatory requirements are adhered to and to improve the cyber security and resilience of the UK financial sector as a whole.

Click here and here to read more.

Zurich - Cyber risk management culture: people and processes

People and processes are key to addressing cyber risks, according to Oliver Delvos, global cyber underwriting manager at Zurich. With many companies continuing to miss the basics of good cyber hygiene this article focusses on what organisations big and small can do to limit their cyber exposures including items that should not be overlooked among the excitement of new technologies and digitalisation.

Click here to read more.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.

To read more, please click here.

5 cyber threat trends that will remain prominent in 2021

In their Cyber Threats Retrospective report, PWC highlight that over the last 12 months, the five most prolific cyber threat trends were ransomware, using current affairs as bait, supply chain attacks, social engineering and a rise of the defenders. Additionally, the report explores their wider impact on organisations, business and society.

To read more, please click here.

Npower app to be removed after login data was stolen

It is believed that personal contact details and partial financial information may have been obtained, but those affected were immediately alerted and had their accounts locked. The energy provider, which is owned by E.ON, has reinforced that protecting customers' security and data is their top priority and it was thanks to their robust threat detection and other cyber defences that the attack was identified.

To read more, please click here.

Bridewell Consulting reports on aviation's cyber security vulnerability

88% of UK aviation companies have detected cyber attacks in the last year, despite 78% stating their systems are secure according to research by Bridewell Consulting.

They posit that the aviation industry is facing an increased risk of cyber-attacks due to ageing infrastructure, a complex supply chain and the accessibility of operations systems both from corporate networks and over the internet.

The data shows that 28% of companies have reduced their infrastructure budget since the start of the pandemic and the industry is being urged to review and update its security before it is too late.

To read more, please click here.

The different flavours of cyber resilience

In an article on cyber resilience - the ability to anticipate and withstand cyber-attacks - internationally recognized IT security author, Torsten George, offers his insight into best practices.

The steps needed to effectively implement cyber resilience strategies, will vary from business to business but these strategies are essential to ensure organisations can improve their data protection strategies, as well as survive a cyber-attack. To be effective, it must be applied to all cyber resources, namely networks, data, workloads, devices and people. Cyber resilience can also help prevent cyber incidents which may happen due to human error or outdated software.

To read more, please click here.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.

To read more, please click here.

5 cyber threat trends that will remain prominent in 2021

In their Cyber Threats Retrospective report, PWC highlight that over the last 12 months, the five most prolific cyber threat trends were ransomware, using current affairs as bait, supply chain attacks, social engineering and a rise of the defenders. Additionally, the report explores their wider impact on organisations, business and society.

To read more, please click here.

Npower app to be removed after login data was stolen

It is believed that personal contact details and partial financial information may have been obtained, but those affected were immediately alerted and had their accounts locked. The energy provider, which is owned by E.ON, has reinforced that protecting customers' security and data is their top priority and it was thanks to their robust threat detection and other cyber defences that the attack was identified.

To read more, please click here.

Bridewell Consulting reports on aviation's cyber security vulnerability

88% of UK aviation companies have detected cyber attacks in the last year, despite 78% stating their systems are secure according to research by Bridewell Consulting.

They posit that the aviation industry is facing an increased risk of cyber-attacks due to ageing infrastructure, a complex supply chain and the accessibility of operations systems both from corporate networks and over the internet.

The data shows that 28% of companies have reduced their infrastructure budget since the start of the pandemic and the industry is being urged to review and update its security before it is too late.

To read more, please click here.

The different flavours of cyber resilience

In an article on cyber resilience - the ability to anticipate and withstand cyber-attacks - internationally recognized IT security author, Torsten George, offers his insight into best practices.

The steps needed to effectively implement cyber resilience strategies, will vary from business to business but these strategies are essential to ensure organisations can improve their data protection strategies, as well as survive a cyber-attack. To be effective, it must be applied to all cyber resources, namely networks, data, workloads, devices and people. Cyber resilience can also help prevent cyber incidents which may happen due to human error or outdated software.

To read more, please click here.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.

To read more, please click here.

5 cyber threat trends that will remain prominent in 2021

In their Cyber Threats Retrospective report, PWC highlight that over the last 12 months, the five most prolific cyber threat trends were ransomware, using current affairs as bait, supply chain attacks, social engineering and a rise of the defenders. Additionally, the report explores their wider impact on organisations, business and society.

To read more, please click here.

Npower app to be removed after login data was stolen

It is believed that personal contact details and partial financial information may have been obtained, but those affected were immediately alerted and had their accounts locked. The energy provider, which is owned by E.ON, has reinforced that protecting customers' security and data is their top priority and it was thanks to their robust threat detection and other cyber defences that the attack was identified.

To read more, please click here.

Bridewell Consulting reports on aviation's cyber security vulnerability

88% of UK aviation companies have detected cyber attacks in the last year, despite 78% stating their systems are secure according to research by Bridewell Consulting.

They posit that the aviation industry is facing an increased risk of cyber-attacks due to ageing infrastructure, a complex supply chain and the accessibility of operations systems both from corporate networks and over the internet.

The data shows that 28% of companies have reduced their infrastructure budget since the start of the pandemic and the industry is being urged to review and update its security before it is too late.

To read more, please click here.

The different flavours of cyber resilience

In an article on cyber resilience - the ability to anticipate and withstand cyber-attacks - internationally recognized IT security author, Torsten George, offers his insight into best practices.

The steps needed to effectively implement cyber resilience strategies, will vary from business to business but these strategies are essential to ensure organisations can improve their data protection strategies, as well as survive a cyber-attack. To be effective, it must be applied to all cyber resources, namely networks, data, workloads, devices and people. Cyber resilience can also help prevent cyber incidents which may happen due to human error or outdated software.

To read more, please click here.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.

To read more, please click here.

5 cyber threat trends that will remain prominent in 2021

In their Cyber Threats Retrospective report, PWC highlight that over the last 12 months, the five most prolific cyber threat trends were ransomware, using current affairs as bait, supply chain attacks, social engineering and a rise of the defenders. Additionally, the report explores their wider impact on organisations, business and society.

To read more, please click here.

Npower app to be removed after login data was stolen

It is believed that personal contact details and partial financial information may have been obtained, but those affected were immediately alerted and had their accounts locked. The energy provider, which is owned by E.ON, has reinforced that protecting customers' security and data is their top priority and it was thanks to their robust threat detection and other cyber defences that the attack was identified.

To read more, please click here.

Bridewell Consulting reports on aviation's cyber security vulnerability

88% of UK aviation companies have detected cyber attacks in the last year, despite 78% stating their systems are secure according to research by Bridewell Consulting.

They posit that the aviation industry is facing an increased risk of cyber-attacks due to ageing infrastructure, a complex supply chain and the accessibility of operations systems both from corporate networks and over the internet.

The data shows that 28% of companies have reduced their infrastructure budget since the start of the pandemic and the industry is being urged to review and update its security before it is too late.

To read more, please click here.

The different flavours of cyber resilience

In an article on cyber resilience - the ability to anticipate and withstand cyber-attacks - internationally recognized IT security author, Torsten George, offers his insight into best practices.

The steps needed to effectively implement cyber resilience strategies, will vary from business to business but these strategies are essential to ensure organisations can improve their data protection strategies, as well as survive a cyber-attack. To be effective, it must be applied to all cyber resources, namely networks, data, workloads, devices and people. Cyber resilience can also help prevent cyber incidents which may happen due to human error or outdated software.

To read more, please click here.

Insurance industries struggling to keep up with surge in cyber attacks

The COVID-19 pandemic has driven greater digitalization and remote working and as a result cyber vulnerability has intensified significantly. According to the Hiscox Cyber Readiness Report 2020, only 26% of the firms have stand-alone cyber insurance policies. The majority of firms rely on generic insurance policies which do not explicitly include or exclude cyber cover, giving rise to 'silent cyber' losses. S&P Global has suggested there needs to be further development of stand-alone cyber insurance products which would offer more efficient and optimized control of accumulation risk.

To read more, please click here.

5 cyber threat trends that will remain prominent in 2021

In their Cyber Threats Retrospective report, PWC highlight that over the last 12 months, the five most prolific cyber threat trends were ransomware, using current affairs as bait, supply chain attacks, social engineering and a rise of the defenders. Additionally, the report explores their wider impact on organisations, business and society.

To read more, please click here.

Npower app to be removed after login data was stolen

It is believed that personal contact details and partial financial information may have been obtained, but those affected were immediately alerted and had their accounts locked. The energy provider, which is owned by E.ON, has reinforced that protecting customers' security and data is their top priority and it was thanks to their robust threat detection and other cyber defences that the attack was identified.

To read more, please click here.

Bridewell Consulting reports on aviation's cyber security vulnerability

88% of UK aviation companies have detected cyber attacks in the last year, despite 78% stating their systems are secure according to research by Bridewell Consulting.

They posit that the aviation industry is facing an increased risk of cyber-attacks due to ageing infrastructure, a complex supply chain and the accessibility of operations systems both from corporate networks and over the internet.

The data shows that 28% of companies have reduced their infrastructure budget since the start of the pandemic and the industry is being urged to review and update its security before it is too late.

To read more, please click here.

The different flavours of cyber resilience

In an article on cyber resilience - the ability to anticipate and withstand cyber-attacks - internationally recognized IT security author, Torsten George, offers his insight into best practices.

The steps needed to effectively implement cyber resilience strategies, will vary from business to business but these strategies are essential to ensure organisations can improve their data protection strategies, as well as survive a cyber-attack. To be effective, it must be applied to all cyber resources, namely networks, data, workloads, devices and people. Cyber resilience can also help prevent cyber incidents which may happen due to human error or outdated software.

To read more, please click here.