what's in the news

Pitmans hosted an evening seminar on 1 February, sponsored by Prolinx, a specialist IT security solutions provider, at which delegates were stimulated by a panel of experts who highlighted some of the current threats and challenges posed by cyber risk.

The key note presentation was made by Professor Sadie Creese of Cybersecurity at the University of Oxford. Professor Creese kicked off with the scale which faced today’s society, highlighting that by 2020, there will be 31 billion connected devices and 50 trillion gigabytes of data created. This, in turn, will result in an increasingly vast ‘attack surface’ which presents those seeking to protect cyber assets with an enormous challenge. Professor Creese, amongst other things, pointed out the scarcity of meaningful metrics in relation to data security as well as the importance of preparing to ‘respond and recover’. As part of current research, it was clear that much needed to be done to develop invaluable analytics to measure security. And that, above all, the ability to attribute an identity to hackers or intruders remained a perennial vulnerability.

Philip James, a Partner who leads Pitmans’ Data Privacy & Information Law team, explained that the World Economic Forum’s recent Risk Report now lists cyber threats as one of the top 5 most risks threatening society in terms of likelihood. Philip highlighted the risks this poses to the current intellectual property enforcement regime: in the absence of identifying culprits, it remains difficult to take criminal action against those responsible and that all that will be left will be a dispute between the victim and its suppliers as to who is to blame. In addition, investors and companies will be increasingly reluctant to invest in R&D if valuable intangible assets cannot be protected from extraction. Philip also summarised the EU’s recent draft Data Protection Regulation which seeks to introduce a much stricter regime for serious breaches of data security (calculated as a percentage of global turnover) and a concept of accountability so that data controllers are encouraged to take responsibility for the protection of personal data.

Simon Milner, Head of Cyber Risk at JLT Speciality Limited, then provided a realistic explanation of the insurance landscape and what solutions are available to customers on today’s insurance market. Simon picked up on some of the themes touched on by previous speakers including the need to develop better analytics to assist risk grading and assessment. In particular, it was clear that many in industry were not necessarily aware of the variety of products currently available in this space, e.g. to cover reputation management, legal costs and re-constitution of lost data.

Finally, Nick Baskett, Chairman of Matta Consulting, a penetration and vulnerability consultancy, provided an invaluable insight into the gaps and strengths in existing data security systems, including:

• an amusing, if scary, expose on how effective intrusion detection systems can be when they are not correctly implemented; and
• how a software house subsequently discovered (after passing on the opportunity to carry out a security audit on a number of previous occasions) that a trojan was residing in its primary code repository.

Nick then stressed the distinction between carrying out a forensic investigation following an incident dependent on whether it was necessary to collect evidence or not (and the related costs involved). 

A copy of the WEF Global Risks Report is available here.

Following the session, McAfee have also released their 2012 Threats Predictions – click here for further details.

For further discussion of this seminar or other issues, please contact:

Pitmans’ Data Privacy & Information Law team

Pitmans’ Cyber Risk Management team

Philip James
Partner, Head of Data Privacy & Cyber Risk Management
T: +44 (0) 207 634 4655
E: pjames@pitmans.com