Commercial Technology and Data Lawyer and Arbor co-founder Ed Rea summarises recent developments, trends and hot topics relating to Data Security in the following Tech law roundup.
DCMS publishes annual Cyber Security Breaches Survey for 2021
The UK’s Department for Digital, Culture, Media & Sport (DCMS) recently published its annual Cyber Security Breaches Survey for 2021. The DCMS report suggests that as a result of the coronavirus pandemic, the cyber risk to organisations have increased significantly increased with 40% of businesses reporting that they experienced cybersecurity breaches or attacks in the last 12 months. The report also suggests that fewer organisations are taking the recommended cybersecurity measures and calls for greater action by businesses and charities in this area. Some key takeaway points include recommendations for organisations to:
Organisations should also review and update their cyber security policies that cover home working, the use of personal devices for work and the use of smart (i.e. network-connected) devices in workplaces, the latter of which highlights a potential new area of cyber risk for organisations to address.
A full copy of the survey can be found at: Cyber Security Breaches Survey 2021 – GOV.UK (www.gov.uk)
The UK Government has recently published the Telecoms (Security) Bill as an amendment to the current Communications Act (2003).
This Bill comes in response to a rapid escalation in the cyber threat landscape, with relentless and sophisticated attacks targeting the country’s critical national infrastructure and to address concerns around the deployment of Huawei equipment across critical national telecommunications infrastructure. The legislation is aimed at compelling telecommunications providers to better manage security risks within their supply chain and enhance the security and resilience of national infrastructure. The new regulations will require all telecommunications providers to demonstrate to Ofcom that they have maximised the cyber protection and resilience of their networks and optimised their security procedures. This will ultimately require telecommunications providers to:
Telecommunications providers who are audited by Ofcom may be issued with enforcement penalties of up to 10% of a provider’s turnover or £100,000 per day for non-compliance. Telecoms vendors are also affected by the Bill as telecommunications providers are likely flow down responsibilities as part of the service they are procuring. As both Houses of Parliament have agreed on the text of the bill it now awaits the final stage of Royal Assent before becoming and an Act of Parliament (law).