Cybersecurity, threats and risk management

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals. Organisations should be aware of their existing measures and, in the words of the UK government, ‘accept responsibility for their cybersecurity and ensure that they have the appropriate controls and systems in place to deter and deal with breaches if they do occur’.

The effect of convergence in a digital world has further operated to bring issues involving cybersecurity to a diverse range of industries and legal practice areas. This is reflected in a patchwork of current and proposed regulation to combat information security threats and manage data use together with a growing appreciation of the need for standards and a harmonisation of practice and regulation.

For a list of the key bodies or organisations that operate to combat the threat of cybercrime, see Practice Note: Cybercrime—list of relevant authorities.

For information on cybersecurity regulation in other jurisdictions,

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

DSIT Minister outlines Cyber Security and Resilience Bill plans

The Department for Science, Innovation and Technology (DSIT) represented by Minister for the Digital Economy, Liz Lloyd CBE, addressed a techUK cybersecurity event. In her speech, Minister Lloyd reaffirmed the UK government’s commitment to the cybersecurity sector, highlighting its role as a key driver of economic growth, job creation, and national resilience through the forthcoming Cyber Security and Resilience Bill. She confirmed that the Bill will be introduced to Parliament ‘when Parliamentary time allows,’ but did not provide a firmer timeline. The Minister clarified that the legislation is intended to apply only to the most critical services, stating that ‘the vast majority of UK businesses and organisations will not be covered by the Cyber Bill because we do not think it would be proportionate.’ She also referenced the development of a new National Cyber Strategy, which will build on existing initiatives to ensure the UK remains secure and competitive in the face of evolving cyber threats.

ICO launches consultation on charitable purpose soft opt-in rules for fundraising

The Information Commissioner's Office (ICO) has launched a consultation on guidance for new 'charitable purpose soft opt-in' rules that will take effect in January 2026 under the Data (Use and Access) Act. The rules will allow charities to send electronic marketing messages to people who have expressed interest in supporting them without requiring prior consent, though existing database contacts are excluded. The consultation runs until 27 November 2025.

Information Law weekly highlights—16 October 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

European Parliament committee calls for stricter online protection measures for minors

The European Parliament’s Internal Market and Consumer Protection Committee (IMCO) has adopted a report calling for stronger EU measures to protect minors online. Approved by 32 votes to five, with nine abstentions, the report urges an EU-wide digital minimum age of 16 for access to social media, video-sharing platforms, and AI companions without parental consent, and a minimum age of 13 for general social media use. It supports the European Commission’s efforts to develop privacy-preserving age assurance systems but emphasises that platforms remain responsible for ensuring safety-by-design. The Committee calls on the Commission to fully enforce the EU Digital Services Act, including fines or bans for non-compliant platforms, and proposes introducing personal liability for senior management in repeated breaches, banning engagement-based recommender algorithms and addictive features for minors, and prohibiting gambling-like mechanisms and ‘kidfluencing.’It also seeks to regulate manipulative technologies such as targeted ads, influencer marketing, and dark patterns under the forthcoming Digital Fairness Act. The initiative follows Eurobarometer findings on young people’s increasing reliance on digital media, with the European Parliament due to vote on the recommendations at the 24–27 November 2025 plenary session.

View Information Law by content type :

News