DAC Beachcroft | Insurance, Privacy & Data Security News
June 2014 update
Catch up with the latest cyber risk legislation and regulatory developments with the DAC Beachcroft Adviser Newsletter
As the implementation of the European Data Protection Regulation drops further behind schedule, one could be forgiven for thinking that all is quiet on the cyber risk insurance front.
The draft Regulation is often cited as the awaited trigger for the cyber risk insurance market in Europe. However, recent developments show greater awareness of, and necessity for, tighter security standards even in the absence of any formal change in the law, which could in turn prompt greater interest in risk mitigation strategies and the purchase of insurance.
Last month, the ICO issued a report on the top 8 causes of the IT security failures that have given rise to the most serious breaches it has investigated. Whilst the aptly titled report, "learning from the mistakes of others", is not legally binding, it will be interesting to see whether sanctions will be higher for organisations that fail to learn from those mistakes. The UK government has also recently launched its Cyber Essentials scheme, an accredited certification scheme aimed at mitigating the most common internet-based threats to cyber security. It seems, therefore, that rather than being the year of the Regulation, 2014 is set to be the 'year of the cyber standard'.
As always, cyber breaches are never far from the headlines, and this month is no exception. eBay is the latest high-profile victim of an attack on a massive scale, highlighting that even the most sophisticated of organisations can fall victim.
Updates from around the World...
September 2014 update
Cyber security is about risk reduction, not risk prevention. No system can ever be 100% secure, particularly when it is constrained by financial resources and exposed to human error or behaviour.
The law governing data security is similarly not absolute. For example, the Data Protection Act 1998 ("DPA") demands that an organisation has "appropriate" technical and organisational security measures.