Cybersecurity, threats and risk management

Copyright © 2025 LexisNexis

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals. Organisations should be aware of their existing measures and, in the words of the UK government, ‘accept responsibility for their cybersecurity and ensure that they have the appropriate controls and systems in place to deter and deal with breaches if they do occur’.

The effect of convergence in a digital world has further operated to bring issues involving cybersecurity to a diverse range of industries and legal practice areas. This is reflected in a patchwork of current and proposed regulation to combat information security threats and manage data use together with a growing appreciation of the need for standards and a harmonisation of practice and regulation.

For a list of the key bodies or organisations that operate to combat the threat of cybercrime, see Practice Note: Cybercrime who's who.

For information on cybersecurity regulation in other jurisdictions, see: ...

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

Information Law weekly highlights—15 May 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

Testing the limits of confidentiality—when does use become misuse? (Illiquidx Ltd v Atlana Weal...

Information Law analysis: This was a High Court case involving issues of confidentiality, trade secrets and copyright. It centred around two firms who had entered into a non-disclosure agreement (NDA) and subsequently embarked on a joint venture to set up an investment fund. Following the breakdown of the business relationship, one of the firms, Atlana, set up its own fund which was very similar to the one envisaged under the joint venture. The High Court ruled that in setting up its own fund, Atlana had breached the terms of the NDA by misusing confidential information and in turn had also infringed trade secrets. The judgment reinforces the importance of precise drafting in NDAs and provides clarifications around the meaning of information being in the public domain. It also emphasises the importance of originality when establishing copyright infringement, particularly in the context of business presentations and other materials which may be more difficult to prove. Written by Marija Nonkovic, associate at Kemp IT Law LLP.

DSIT launches enterprise IoT security consultation with vulnerability research

The Department for Science, Innovation and Technology (DSIT) has launched a call for evidence on the security of enterprise connected devices, supported by commissioned research from NCC Group revealing multiple security vulnerabilities. The research identified remote code execution vulnerabilities, outdated software, and poor adherence to National Cyber Security Centre Device Security Principles and European Telecommunications Standards Institute EN 303 645 standards across commonly-used business devices. The consultation aims to gather industry views on potential interventions to improve cyber resilience across the UK economy. The call for evidence closes at 11:59pm on 7 July 2025.

ICO consults on draft updated guidance on encryption

The Information Commissioner's Office (ICO) has published a consultation on its draft updated guidance on encryption. Respondents are asked to provide details about themselves and their organisations, share their views on encryption and data protection law, offer feedback on the encryption scenarios outlined in the guidance, and provide any additional comments. Responses are sought by 24 June 2025.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Cybersecurity breach notification requirements

Cybersecurity breach notification requirementsSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

Early leavers—preservation

Early leavers—preservationFORTHCOMING DEVELOPMENT: Section 10 of the Finance Act 2022 will increase the normal minimum pension age (NMPA) from 55 to 57 on 6 April 2028 (save for members of the firefighters, police and armed forces public service pension schemes).The Finance Act 2022 will also give
Cybersecurity breach notification requirements

Cybersecurity breach notification requirements

Cybersecurity breach notification requirementsSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January