The legal tools for dealing with a cyber attack

By Phil Hartley

Late last year, a group of information security experts gathered with government officials to hack into the deep intestinal computers of London’s financial district. The purpose of the exercise, dubbed ‘Waking Shark II’, was to test whether the UK’s banks and stock exchanges — that is to say, the UK financial system — could withstand a major cyber-security attack.

While the exercise was just a simulation, real incidents do occur with astonishing frequency. In January this year, for example, Tony Colston-Hayter, who achieved notoriety in the late 1980s as the foppish progenitor of rave, admitted to conspiring to steal £1.3m by taking control of computer systems at a popular UK high-street bank through a surreptitiously placed desktop device.

The exploitation of weaknesses in an organisation’s IT systems can result not only in significant losses through data theft or reputational damage; it also poses a real risk of civil action or regulatory enforcement and fines. Technical and organisational measures to prevent hacking are necessary not only to shore up defences against data breaches, but also a legal obligation under the seventh data protection principle under the Data Protection Act 1998…

Click on the link below to read the rest of the Schillings briefing.

Briefings from Schillings

View more briefings from Schillings

Analysis from The Lawyer


41 Bedford Square