Cybercrime prevention
Cybercrime prevention

The following Practice Compliance practice note provides comprehensive and up to date legal information covering:

  • Cybercrime prevention
  • Responsibility
  • Risk assessment
  • Policies and procedures
  • Monitor, review and update
  • Reporting concerns
  • Awareness and training
  • Awareness and training
  • Technical measures
  • Other controls
  • More...

Cybercrime prevention

Cybercrime is a fast-moving, ever-evolving unpredictable risk to all commercial organisations which must be managed properly.

It's estimated that up to 80 per cent of security breaches could be prevented by implementing basic good practices. This Practice Note pulls together examples of good practice in terms of generally reducing the risk of cybercrime and cybersecurity breaches.


Cybercrime is a challenge for internal compliance teams requiring a wider response than, 'it's a job for the IT department'. Cyber risk, like any other risk to your business, needs to be managed properly and considered a high priority risk for the internal compliance or legal team. It is a business risk that must be managed within an overall information and risk-management and crime prevention framework.

A senior person should take overall responsibility for conducting a risk assessment and, from there, developing and implementing your policies and procedures.

They should be trained and have adequate resources to ensure those policies and procedures are properly maintained.

All staff should be made aware of who this person is.

Risk assessment

Your starting point should be a risk assessment.

A high-quality risk assessment involves identifying your critical IT/data assets, considering the most likely targets and potential types of attack, and pinpointing effective defences against those specific types of attack. See Precedent: Cybercrime risk assessment.

Policies and procedures

You should establish policies and procedures to cover the risks you identify. You

Related documents:

Popular documents