Cyber Monthly Wrap-up (UK, EMEA and the US) – November 2023

Welcome to HSF's November wrap-up: our top picks for cyber-related news in the UK, EMEA and US. Our short summary and commentary is aimed at giving you the awareness and insights you need, with minimum time investment. Below you will find:
  • Developments in regulatory requirements and guidance;
  • Wider cyber industry news; and
  • Particularly noteworthy (reported) cyber incidents.

Cyber risk in Critical National Infrastructure features prominently in UK 2023 National Risk Register

In August 2023, the UK Government published its 2023 National Risk Register ("the Risk Register"), listing the 89 main publicly-acknowledged risks facing the UK. Cyber-attacks on gas infrastructure, electricity infrastructure, civil nuclear, fuel supply infrastructure, the health and social care system, the transport sector, telecommunications systems and one or more UK retail banks are cited as key risks in the report.

High profile cyberattacks increase emphasis upon cyber resilience in South Africa’s energy sector

On Thursday 25 July 2019, the City of Johannesburg's electricity service provider, City Power, suffered a ransomware attack which encrypted its databases, applications and network. The attack disabled the utility's website and prevented its customers from purchasing electricity from the utility, which potentially impacted up to a quarter of a million customers. In addition, City Power was delayed in responding to localised blackouts, leaving several suburbs in the dark, as its systems were unable to efficiently detect faults in the entity's distribution system.

US SEC moves against individual directors over SolarWinds nation state supply chain attack

The US Securities and Exchange Commission (SEC)'s issue of a Wells Notice to SolarWinds Corporation's former and current executives this summer is a sharp reminder that there can be serious consequences for individuals following cyber security incidents. There is a global trend towards holding senior people within companies personally responsible for cyber security. Individuals can be sanctioned by regulators, find themselves facing action for breach of their fiduciary duties to their companies, and even become the target of litigation, including in class actions by investors that name officers or directors as defendants in their individual capacity.

Building resilience: a top priority for the UK

The UK Government published its Resilience Framework on 19 December 2022. This step recognises that crises are likely to be greater than we have been used to in both frequency and scale in the next decade, given what the government describes as "an increasingly volatile world, defined by geopolitical and geoeconomic shifts, rapid technological change and a changing climate."

Hong Kong, can you handle this? The HKMA proposes new standards for operational resilience

Following the HKMA’s 21 April 2021 circular highlighting the additional guidance issued by the BCBS on 31 March 2021, namely the Principles for Operational Resilience and the Revised Principles for Sound Management of Operational Risk, the HKMA launched a consultation on 22 December 2021 on a new proposed Supervisory Policy Manual module OR-2 (Operational Resilience) and proposed amendments to existing SPM modules TM-G-2 (Business Continuity Planning) and OR-1 (Operational Risk Management) in order to align with the BCBS’s operational resilience guidance.