Cyber risk in Critical National Infrastructure features prominently in UK 2023 National Risk Register

In August 2023, the UK Government published its 2023 National Risk Register ("the Risk Register"), listing the 89 main publicly-acknowledged risks facing the UK. Cyber-attacks on gas infrastructure, electricity infrastructure, civil nuclear, fuel supply infrastructure, the health and social care system, the transport sector, telecommunications systems and one or more UK retail banks are cited as key risks in the report. Read more

The SEC’s new cybersecurity disclosure rules – new requirements for foreign private issuers

On 26 July 2023, the US Securities and Exchange Commission (the “SEC“) adopted rules requiring registrants to disclose material cybersecurity incidents and certain information regarding their cybersecurity risk management, strategy, and governance. Under the final rules, foreign private issuers (“FPIs“) will be required to furnish on Form 6-K information on material cybersecurity incidents that they … Read more

Cyber security: A month in retrospect (Australia) – August 2023

As the Northern Hemisphere summer draws to a close, we have been tracking another busy month in the world of cyber security. We’ve brought together the top cyber-related news for August, so you don’t have to, including: an update on the fallout of the MOVEit breach, a freeze on bonuses for Medibank executives following its … Read more

High profile cyberattacks increase emphasis upon cyber resilience in South Africa’s energy sector

On Thursday 25 July 2019, the City of Johannesburg's electricity service provider, City Power, suffered a ransomware attack which encrypted its databases, applications and network. The attack disabled the utility's website and prevented its customers from being able to purchase electricity from the utility which potentially impacted up to a quarter of a million customers. In addition, City Power was delayed from responding to localised blackouts, leaving several suburbs in the dark, as City Power's systems were unable to efficiently detect faults in the entity's distribution system. Read more

US SEC moves against individual directors over SolarWinds nation state supply chain attack

The US Securities and Exchange Commission (SEC)'s issue of a Wells Notice to SolarWinds Corporation's former and current executives this summer is a sharp reminder that there can be serious consequences for individuals following cyber security incidents. There is a global trend towards holding senior people within companies personally responsible for cyber security. Individuals can be sanctioned by regulators, find themselves facing action for breach of their fiduciary duties to their companies, and even the target of litigation, including in class actions by investors that name officers or directors as defendants in their individual capacity. Read more

Cyber security: A month in retrospect (Australia) – July 2023

July 2023 has been another busy month in the world of cyber security (yes, another one). This update summarises the top cyber-related news for July, including: regulatory developments such as APRA’s new Operational Risk Management standard, plus new cyber disclosure rules introduced by the U.S. Securities and Exchange Commission; new insights into the rising average … Read more

German Minister of Interior considers amendment of Constitution to defend against cyber attacks

In Germany, the Federal Minister of the Interior, Nancy Faeser, considered two amendments to the Constitution as part of an ambitious plan to strengthen cybersecurity across the nation. This followed from calls to strengthen cyber resilience for federal authorities, critical infrastructure and to modernise and expand cybersecurity architecture in Germany. Ms. Faeser noted that cybersecurity threats remained high. German authorities and businesses have been the target of cyberattacks since Russia's war in Ukraine. Disinformation, sabotage and espionage were also identified as critical issues. Read more

Cyber security: A month in retrospect (Australia) – June 2023

It’s been another busy month in the world of cyber security. This update summarises June’s leading cyber and privacy-related news including notable cyber incidents, regulatory developments, new industry research and a few updates from us. News from HSF Media on recent cyber incidents Regulatory and industry news News from HSF HSF Cyber Survey A reminder … Read more