Cyber, data, and security matters are becoming more prevalent and frequently make headlines in the media – think CrowdStrike arising from the failure of a ‘routine’ software update …. Poor data security can lead to costly downtime and disruption (a recent IBM study noted that “the global average cost of a data breach in 2023 was $4.45 million – a 15% increase over 3 years“) and impact longer term revenue (a study from ThreatX showed 60% of consumers wouldn’t do business with a brand suffering a data breach and 21% would switch provider following an incident).

The legal and regulatory position is also evolving, and Boards need to be aware of what this means for them and their business.  The King’s Speech heralded data and cyber reform and there has since been a new Data Bill (see below) and the Cyber Security and Resilience Bill.  In a recent speech, the CEO of the National Cyber Security Centre, said:

“We have to make sure that technology is working for us…..; that the market for technology incentivises a ‘secure-by-design’ approach; that no-one treats security as a postscript.  Cyber security legislation and regulation, such as the new Cyber Security and Resilience Bill, are crucial steps towards hardening the UK’s cyber defences.”

The new Data (Use and Access) Bill proposes changes to the UK’s data protection framework among other more wide-ranging measures. Generally, it intends to make changes relating to processing for research purposes, the lawful grounds for processing data, automated decision making, international data transfers, and stronger enforcement powers for the ICO.  It is likely to have a greater impact on businesses involved in smart data schemes and digital verification services as well as organisations involved in public services.

This, alongside the Cyber Security and Resilience Bill, which the CEO of the National Cyber Security Centre, also said “… will be an opportunity to broaden the scope of current regulations to protect more services and supply chains to put regulators on a stronger footing and to strengthen reporting requirements to build a better picture across government of cyber risk to the UK…, signposts the Government’s ambitions and desires for change in the UK’s data, cyber and security framework and wider data reform.

The focus on data, cyber and security, an increasingly granular approach to cyber security risks, and a focus on accountability within organisations will continue.  The impacts of poor security can be significant and as the legal and regulatory landscape continues to evolve, it’s crucial to stay informed and prepared. Our dedicated and multi-disciplinary team can help you assess and manage these risks and issues.