Cybersecurity, threats and risk management

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals. Organisations should be aware of their existing measures and, in the words of the UK government, ‘accept responsibility for their cybersecurity and ensure that they have the appropriate controls and systems in place to deter and deal with breaches if they do occur’.

The effect of convergence in a digital world has further operated to bring issues involving cybersecurity to a diverse range of industries and legal practice areas. This is reflected in a patchwork of current and proposed regulation to combat information security threats and manage data use together with a growing appreciation of the need for standards and a harmonisation of practice and regulation.

For a list of the key bodies or organisations that operate to combat the threat of cybercrime, see Practice Note: Cybercrime—list of relevant authorities.

For information on cybersecurity regulation in other jurisdictions,

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

Government departments update ECCTA guidance on AML information sharing measures

The Home Office, HM Treasury, Ministry of Justice, Companies House, Serious Fraud Office and Department for Business and Trade have updated guidance on information sharing measures under the Economic Crime and Corporate Transparency Act (ECCTA) 2023. The updated guidance, published on 3 October 2025, sets out provisions for anti-money laundering (AML) regulated firms to share customer information directly or indirectly through third-party intermediaries to prevent, detect and investigate economic crime. The guidance covers warning and request conditions for direct sharing, practical considerations including cross-sector sharing mechanisms, and requirements for law enforcement reporting, UK General Data Protection Regulation compliance and customer redress. The measures, which came into force on 15 January 2024, disapply confidentiality obligations and civil liability for AML regulated firms when sharing information for specified economic crime prevention purposes.

Information Law weekly highlights—2 October 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

ICO issues enforcement notice to Bristol City Council over failures to respond to data requests

The Information Commissioner's Office (ICO) has issued an enforcement notice to Bristol City Council (BCC) for failing to respond to subject access requests (SARs). The notice requires BCC to: (1) notify individuals with overdue SARs about the delays; (2) provide outstanding SAR responses by specified deadlines, prioritising the oldest cases from 2022 to be resolved within 30 days; (3) submit weekly progress updates to the ICO until all overdue SARs are resolved; (4) develop an action plan within 90 days to address the SAR backlog, including defined responsibilities, prioritisation and timelines; and (5) implement system and process improvements within 12 months, including adequate staffing, resources and staff training to ensure compliance with the UK General Data Protection Regulation requirements.