Cyber risk, like any other risk to your business, needs to be managed properly and considered a high priority risk for the internal compliance or legal team—not just the IT department. It is a business risk that must be managed within an overall information risk-management and crime prevention framework.
The guidance and tools referenced reflect information security and breach notification requirements in the UK General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679 and Data Protection Act 2018, but are not intended to cover specialist sector-specific requirements in the:
Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), SI 2003/2426 (as amended), or
Financial Services and Markets Act 2000 (FSMA 2000) and the Financial Conduct Authority (FCA) Handbook
Cybercrime is simply a crime that has some kind of computer or cyber aspect to it. It takes shape in a variety of different forms.
one-off—involves theft or manipulation of data or services which appears, from the victim’s perspective, to be a single event, eg malware or phishing
ongoing—a
To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.
**Trials are provided to all LexisNexis content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these LexisNexis services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
Corporate Crime analysis: Fatima Jama, a criminal and regulatory barrister at Mountford Chambers, provides an expert analysis of the Government’s...
The Information Commissioner's Office (ICO) has launched a consultation on its draft corporate strategy. The two-year strategy (2026–28) is designed...
MLex: The UK privacy regulator's internal culture and governance face a review after a probe into former Information Commissioner John Edwards found...
Law360, London: On 22 May 2026, the Court of Appeal handed down judgment in Tonzip Maritime (Singapore) Pte Ltd v 2Rivers Pte Ltd, The Catalan Sea,...
Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a
Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid
If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit
Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application
0330 161 1234