Cybersecurity, threats and risk management

Copyright © 2026 LexisNexis

The importance of implementing cybersecurity measures has been highlighted in recent years by high-profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals. Organisations should be aware of their existing measures and ensure that the controls and systems they have in place are sufficient to deter breaches and mitigate their impact if they do occur.

The effect of convergence in a digital world has further operated to bring issues involving cybersecurity to a diverse range of industries and legal practice areas. This is reflected in a patchwork of current and proposed regulation to combat information security threats and manage data use together with a growing appreciation of the need for standards and a harmonisation of practice and regulation.

For a list of the key bodies or organisations that operate to combat the threat of cybercrime, see Practice Note: Cybercrime—list of relevant authorities.

For information on cybersecurity regulation in other jurisdictions, see: Lexology Panoramic: Cybersecurity.

Cyber threats

Individuals or organisations that carry out cyberattacks

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

ICO consults on draft updated guidance on research, archiving and statistics provisions following DUAA 2025

The Information Commissioner's Office (ICO) has launched a consultation on draft updated guidance concerning the research, archiving and statistics (RAS) provisions. The updates follow the introduction of the Data (Use and Access) Act 2025 (DUAA 2025) and include revised criteria for scientific research, in response to requests for greater clarity. The consultation also seeks views on the ICO's approach to the new disproportionate effort exemption under DUAA 2025, s 77, which exempts organisations from the requirement to inform data subjects when re-using previously collected data for research purposes. The consultation closes on 27 April 2026.

ENISA publishes FAQ page on Cyber Resilience Act Single Reporting Platform

The European Union Agency for Cybersecurity (ENISA) has introduced a dedicated page featuring a collection of Frequently Asked Questions (FAQ) on the EU Cyber Resilience Act’s Single Reporting Platform (SRP). The FAQs explain, amongst other thing, what the SRP is, who is responsible for it, what must be reported, how the platform operates and the responsibilities of the key entities involved, supporting transparency and implementation of mandatory and voluntary reporting within the EU Digital Single Market. ENISA intends to update FAQ page as the SRP implementation progresses.

Information Law weekly highlights—26 February 2026

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

ICO fines Reddit £14.47m for unlawful use of children’s personal data

The Information Commissioner’s Office (ICO) has fined Reddit £14.47m after finding it used children’s personal information unlawfully due to age assurance failures under UK data protection law. The ICO found Reddit failed to apply any robust age assurance mechanism or carry out a data protection impact assessment before January 2025, resulting in the unlawful processing of the personal information of children under 13 and exposing them to inappropriate and harmful content. Although Reddit introduced age verification and age declaration requirements in July 2025, the ICO highlighted that self‑declaration presents risks and confirmed it is keeping the platform’s processing of children’s personal information under review as part of its wider intervention to improve the safety of children’s data online. It emphasised that organisations must ensure they know the age of users, enforce minimum age requirements and apply appropriate and effective age assurance tools.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an