作者

Edward Spencer

高级法律顾问

Read More

Jo Joyce

高级法律顾问

Read More

Michael Yates

合伙人

Read More
作者

Edward Spencer

高级法律顾问

Read More

Jo Joyce

高级法律顾问

Read More

Michael Yates

合伙人

Read More

2023年3月28日

Cyber security 2023: key threats and challenges

  • Quick read

Renditions of Auld Lang Syne had barely finished before we heard about the first data breaches of 2023. PayPal, T-Mobile, JD Sports and Activision were just a few of the companies who suffered data breaches in January and February in a clear sign that threat actors don't intend to slow down this year.

In PwC's annual CEO Survey for 2022, almost two-thirds of UK CEOs said they were extremely or very concerned about cyber attacks impacting their ability to sell products and services. But what cyber threats are on the horizon for the year ahead?

To help answer this question we held a webinar, Cyber Horizons for 2023, to share our views on the emerging threats and trends for 2023. Our Taylor Wessing speakers were lucky enough to be joined by Oliver Crofton from cyber defence company BlueVoyant to discuss what BlueVoyant sees as the main threats this year.

The outlook for 2023

We kicked off by looking at the outlook for 2023. Oliver shared his short (or rather, long) list of threats BlueVoyant is monitoring including:

  • artificial intelligence-enhanced phishing attacks and tools
  • ransomware attacks, with new active groups emerging 
  • supply chain attacks, both attacks on vendors and the interconnectivity between suppliers being used to breach companies
  • quantum computing and the threat it poses to standard encryption 
  • state sponsored attacks and cyber warfare due to current geopolitical tensions
  • cryptocurrency theft and fraud
  • insider threats and the rising threat of employees stealing data to sell given the current difficult economic conditions.

Is insurance the answer?

Ed Spencer and Laura Singleton were up next to give their views on a big question - is insurance the answer? The market for cyber insurance is in a challenging place right now, and many businesses have seen premiums skyrocket leading them to question whether insurance is worth the cost of the policy. 

So, is insurance worth the premiums? Cyber attacks are hugely expensive to deal with and can cost tens of millions of pounds. Companies need to pay for lawyers, specialist IT recovery firms, third party experts, the often overlooked cost of business interruption – and that's without considering the cost of any ransom which might be demanded. 

Insurance offers businesses the opportunity to mitigate financial and legal risk, but is in no way a complete solution – it helps after the event but is not a preventative measure. It's ultimately up to businesses to decide whether the cost of insurance premiums is justified or whether they want to allocate more funds to prevention instead. 

Our speakers discussed the pros and cons of both options, also emphasising that it's important for companies to fully understand what cover they've bought and that they comply fully with the policy wording. 

Getting breach ready

Our webinar ended with Jo Joyce and Michael Yates discussing breach readiness. They covered the steps organisations should take to protect themselves using our audit, improve, and test methodology laid out below.

Audit – You should start by assessing your current level of preparedness through an audit. Engage with stakeholders across the business to work out general cyber awareness, then create a report to take to your board to outline any vulnerabilities or areas of concern identified. 

Improve – If you already have a breach response plan and policies, update them for any areas identified in the audit stage. If you don't have them, prepare them! Ensure your plan is clear and comprehensive, and that everyone knows who's doing what, and at what stages, should the worse happen. Importantly, make sure your plan is stored somewhere you won't lost access to should your company be compromised. 

In terms of those involved in your response, appoint your crisis response team in advance. Don't get stuck trying to assemble a team during a crisis, adding unnecessary pressure when you're already dealing with a multitude of competing priorities. 

You should also prepare your reporting notices or litigation hold notices in advance. The decision to report can take up a huge amount of time when you're trying to deal with a crisis. And that's before you've even sat down to draft the documents you might need to submit. Prepare as much material in advance to save crucial time later.

Lastly, identify training opportunities for any knowledge gaps you've identified that you could plug with training. 

Test – Once you've worked out what you need to do, and have improved your arrangements, it's best to run a breach simulation exercise. This will give you a chance to work out if your policies actually work, identify any practical issues with your response plan, and identify if anyone is missing from your breach response team.

How we can help

You can view the entire webinar below to hear the full discussion. If you'd like to know more about any of the topics discussed, or would like advice about proactive cyber defence in general, please get in touch.

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

数据保护与网络

Purposeful processing: legitimate interests and purpose limitation in the Data Protection and Digital Information Bill

Jo Joyce looks at legitimate interests and purpose limitation provisions in the Data Protection and Digital Information Bill.

2022年9月26日

作者 Jo Joyce

点击此处了解更多
数据保护与网络

Into the breach – managing employees during a data incident

Jo Joyce and Calum Parfitt look at data breach preparedness and responses from an HR perspective.

2022年7月11日

作者 Jo Joyce

点击此处了解更多
数据保护与网络

Pensions dashboards and data sharing

Anna Taylor and Jo Joyce look at the data sharing requirements for the proposed pensions dashboard and resulting data protection considerations.

2022年5月17日

作者 Anna Taylor 以及 Jo Joyce

点击此处了解更多