Cyber Risk Legal update - December 2014

DAC Beachcroft Adviser Newsletter


Cyber Insurance, Privacy & Data Security 

2014 has been another year of high profile attacks on global corporations, with cyber-crime showing no signs of abatement.


This month we have chosen three recent cyber risk themes which draw 2014 to a close but set the scene for 2015: cyber risk implications for directors and officers; the global nature of cyber threats; and the implications of cyber risks for the wider insurance market.

The highly sophisticated cyber attack on Sony last month highlights how organised criminal gangs are using new, widespread and disruptive techniques to attack businesses today. The attack has been described as "unprecedented in nature" and it demonstrates that IT security measures at the largest of corporations can be ineffective at avoiding sophisticated attacks.

The financial repercussions for Sony, and indeed any corporation subjected to a cyber attack, can be significant, not only from the immediate costs of investigating the incident but also from the long tail exposure to regulatory investigations, civil claims and heightened compliance programmes. These exposures, coupled with reputational damage, can reduce share price and harm investors. Directors & Officers are increasingly being held responsible for preventing such incidents and, where they fail to do so, may face regulatory criticism and civil claims. For a more detailed consideration of cyber risks for D&Os, please see our recent article here.

The Sony attack also highlights cyber risk as a global phenomenon. The media has suggested that North Korea carried out the attack because it was disgruntled with Sony's recent film premiere involving a plot to assassinate North Korea's leader. Whether or not this is true remains to be seen, but the media has suggested there are organised gangs in Russia, Eastern Europe and China, and the FBI has said that certain nation states (including some based in the Middle East) have the capability to carry out such attacks. Jurisdictions around the world are awakening to cyber risks and mitigation strategies. The global opportunities for insurers were discussed in our recent seminar on global cyber risks, and you can watch the highlights here.

Finally, a further emerging cyber risk issue is how insurers, and indeed the insurance industry as a whole, should grapple with the exposure to cyber-attacks under existing lines of business. We are looking forward to seeing the outcome of Lloyd's data collection exercise and the adoption of the new "CZ" risk code for Cyber Security Property Damage in 2015. These were recently announced by the award-winning Tom Bolt and his performance management team at Lloyd's.

We end the year on a happy note, wishing you all a Merry Christmas and a cyber safe New Year.

For DAC Beachcroft cyber updates, please follow us at @legallnutt and @hillegal1970.

For DAC Beachcroft privacy updates, please follow us at @DACBprivacy.


UK Developments

Click the below headings to read more on each of the developments...

o    Cyber attacks: Directors' Liability

o    Government partners up with insurance sector against cyber threats

o    The ICO issues guidance on enforced subject access

o    PRA and FCA issue fines totalling £56 million to RBS, National Westminster Bank and Ulster Bank (the "Banks") following 2012 IT incident that caused service outages

o    ICO warning over unsecure webcams

o    TRUSTe privacy seal – FTC settles charges

o    WP29 approve CJEU judgement guidelines on the "right to be forgotten"

o    The EU data protection supervisor (EDPS) publishes "guidelines on data protection in EU financial services regulation"

o    ICO undergoes triennial review

o    New European data protection supervisor – Giovanni Buttarelli

o    Google settles in the High Court

o    ICO undertakings (All Follow Ups)

o    ICO fines

o    ICO enforcement notices

o    ICO prosecutions

EU Data Protection Regulation Developments

Updates from around the World...

Key Dates Calendar

1 December 2014

Enforced Subject Access to become a criminal offence

Review of the employment and claims handling policies to ensure compliance

6 December 2014

Consultation for reducing the threshold applicable to fining for nuisance calls closes.

Consider response

9 December 2014

Sign up to our next Minster Court Forum: We've got it covered – what you might have missed in 2014 and what you won't want to miss in 2015.

If you would like to attend, please click here to RSVP. A confirmation email will be sent a week before the event.


Adoption of a final text of the Data Protection Regulation.

Watch for updates

For more information on DAC Beachcroft please contact:


Rhiannon Davies, Associate

+44 (0) 20 7894 6577
