Cybersecurity regulation and best practice in the US and UK
Produced in partnership with Jennifer Archie, Lore Leitner and Alexander Stout of Latham and Watkins LLP

The following Financial Services practice note, produced in partnership with Jennifer Archie, Lore Leitner and Alexander Stout of Latham and Watkins LLP, provides comprehensive and up-to-date legal information covering:

  • Cybersecurity regulation and best practice in the US and UK
  • Introduction to cybersecurity in financial services firms
  • Evolving regulatory regime/enforcement
  • Data regulation and enforcement climate in the UK—protecting customer data from disruption, hacks and thefts
  • Regulatory developments in the UK
  • Regulation in the US
  • Being prepared to respond to major attacks
  • Risk assessments
  • Governance—pre-staging breach prevention and response expertise
  • Vendor selection and supervision

Introduction to cybersecurity in financial services firms

In the wake of continued escalations in phishing and denial of service attacks against banks and other financial institutions, financial services firms face a rapidly evolving threat and government regulatory climate. Regulators in the United States have stepped up oversight and expectations for multiple layers of security and obligations to notify national regulators of significant cyber attacks or data breaches. In the United Kingdom, more than 80% of UK companies suffered a security breach in 2014, according to the Government Communications Headquarters (GCHQ), a British intelligence agency. PricewaterhouseCoopers has reported that the total number of worldwide security incidents climbed to 42.8m in 2015, a 48% rise from 2013. The compound annual growth rate of security incidents has increased 66% year-on-year since 2009. The Ponemon Institute estimates that, on average in the 2015 financial year, each data breach costs a US company US$6.53m and a UK company US$3.72m in damages such as regulatory fines, reputational and commercial risk, and changes to IT infrastructure. Distributed Denial of Service (DDoS) attacks alone reportedly cost banks US$100,000 per hour, and such attacks against the financial industry doubled during Q4 of 2014 to account for 15% of all attacks, according to a Verisign report. Banks and brokers, big and small, possess deeply sensitive information and collectively control trillions of dollars,
