Cybercrime—issues threats and vulnerabilities
Cybercrime—issues threats and vulnerabilities

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Cybercrime—issues threats and vulnerabilities
  • What is cybercrime?
  • Potential consequences of cybercrime
  • Cybersecurity threats
  • Vulnerabilities

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it continues to be treated by the EU as a Member State for many purposes. The UK must continue to adhere to its obligations under EU law, including in relation to data protection, and the ICO has confirmed the GDPR will continue to apply during the implementation period. For more information, see: Practice Note: Brexit—implications for data protection.

Cybercrime is a challenge for internal compliance teams requiring a wider response than, 'it's a job for the IT department'. Cyber risk, like any other risk to your business, needs to be managed properly and considered a high priority risk for the internal compliance or legal team. It is a business risk that must be managed within an overall information and risk-management and crime prevention framework.

This Practice Note outlines:

  1. the issues surrounding cybercrime (ie why it needs to be on your radar)

  2. the threats posed to commercial organisations by cybercrime, and

  3. key vulnerabilities

This Practice Note reflects information security and breach notification requirements in the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 but is not intended to cover specialist sector-specfic requirements in the:

  1. the Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506 which implement the provisions