Cybersecurity, threats and risk management

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals. Organisations should be aware of their existing measures and, in the words of the UK government, ‘accept responsibility for their cybersecurity and ensure that they have the appropriate controls and systems in place to deter and deal with breaches if they do occur’.

The effect of convergence in a digital world has further operated to bring issues involving cybersecurity to a diverse range of industries and legal practice areas. This is reflected in a patchwork of current and proposed regulation to combat information security threats and manage data use together with a growing appreciation of the need for standards and a harmonisation of practice and regulation.

For a list of the key bodies or organisations that operate to combat the threat of cybercrime, see Practice Note: Cybercrime who's who.

For information on cybersecurity regulation in other jurisdictions, see:

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

Information Law weekly highlights—3 July 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

DSIT launches evaluation survey for Software Security Code of Practice implementation

The Department for Science, Innovation and Technology (DSIT) has opened a formal evaluation process for the Software Security Code of Practice, seeking feedback from both software providers and customers on implementation experiences. The evaluation encompasses organisations' access to and understanding of the code, National Cyber Security Centre's Implementation Guidance, and self-attestation requirements. Participation is open to organisations regardless of their implementation status, with responses intended to inform future policy development. The survey closes on 16 December 2026.

ICO secures convictions in largest ever nuisance call investigation

The Information Commissioner's Office (ICO) has secured guilty verdicts against eight individuals for data protection offences following its largest ever nuisance call investigation. On 26 June 2025, Craig Cornick was found guilty at Bolton Crown Court of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act, joining seven others who had previously pleaded guilty to various offences under the Data Protection Act and Computer Misuse Act. The investigation uncovered approximately one million illegally accessed vehicle repair records between 2014-2017. The defendants are scheduled to return to court on 11 July 2025 for Proceeds of Crime Act proceedings, with sentencing to follow. The ICO has indicated a second phase of investigation is ongoing, targeting insurance companies and claims management firms.