< ciso brief />

All news with #uk gdpr tag

8 articles

Palo Alto Networks: Securing the UK's Digital Autonomy

🔒 Palo Alto Networks reaffirms its commitment to UK digital autonomy, offering UK-based data hosting, Bring Your Own Key (BYOK) capabilities and contractual protections aligned to UK GDPR. The post cites Unit 42 research on accelerating exfiltration and identity-driven compromises and explains how Systems Data fuels collective defence without sacrificing operational privacy. It stresses local presence, certifications and tailored support for critical national infrastructure.

Employee Data Breaches Reach Seven-Year High in UK

🔒 New analysis from law firm Nockolds shows employee data breaches reported to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, a 5% year‑on‑year increase and about 29% above the 2019 baseline of 3,010. The report highlights a divergence in incident types: cyber-related breaches fell 6% to 1,568, while non-cyber incidents rose 15% to 2,304. Nockolds principal associate Joanna Sutton attributes the shift to hybrid working and gaps in physical and procedural safeguards, and urges closer collaboration between HR and security teams to improve training, policies and risk controls.

Invoice Fraud Costs UK Construction Sector Millions

⚠️ The UK's NCA, alongside the National Federation of Builders (NFB), has warned finance and accounts payable teams in construction about a rise in invoice fraud, a form of BEC that cost victims almost £4m in September 2025. Fraudsters impersonate or hijack supplier emails to change bank details on invoices, exploiting complex subcontractor networks and insecure email channels. The campaign urges staff to verify invoice changes by calling suppliers, delay payments until details are confirmed, and strengthen IT controls such as strong passwords, multi‑factor authentication and up‑to‑date anti‑malware.

UK Cyber Threat Shift: Disruption Replaces Ransomware

⚠️ The UK threat landscape changed markedly in 2025: the country became the most targeted in Europe, receiving about 16% of recorded attacks. The dominant intent shifted from monetization to disruption, with defacement comprising nearly half of incidents and overtaking ransomware as the primary concern. Many organizations that built defenses around extortion found their threat models misaligned. Security teams must broaden detection, harden web-facing assets, and update incident response playbooks to address disruption-focused adversaries.

UK Plans Ransomware Payment Ban With Security Exemptions

🔒 The UK government plans to ban ransomware payments for public sector and critical national infrastructure, while requiring other businesses to notify authorities if they intend to pay attackers. Announced after a public consultation and detailed in a September policy paper, the measure will include national security exemptions to avoid creating impossible choices for essential services. Security Minister Dan Jarvis said the move is a priority and that adoption will proceed when parliamentary time allows, with ongoing coordination across government and allied states.

UK introduces Cyber Security and Resilience Bill to Parliament

🔒 The UK government today introduced the Cyber Security and Resilience Bill, proposing a major overhaul of the NIS Regulations to align with updated EU standards. The draft would regulate managed service providers, expand scope to data centres and smart-appliance electricity flows, and mandate supply-chain risk management and NCSC Cyber Assessment Framework-based controls. Incident reporting windows would tighten to an initial 24 hours and a full report within 72 hours, while the ICO and regulators gain stronger enforcement and fee powers.

UK NCSC Reports 130% Rise in National Cyber Incidents

🔐 The UK’s National Cyber Security Centre (NCSC) reported 204 nationally significant incidents between September 2024 and August 2025, a 130% increase on the prior year’s 89 incidents. In total the agency received 1,727 incident tips and elevated 429 to cyber incidents requiring support, including 18 Category 2 “highly significant” events. NCSC leaders warned attackers are improving and urged businesses to harden defences and prioritise preparedness to sustain operations during attacks.

UK Upper Tribunal Upholds ICO Claim Against Clearview

🔍 The UK Information Commissioner’s Office (ICO) won an Upper Tribunal ruling that bolsters its authority to enforce the UK GDPR against Clearview AI and increases the likelihood of a previously issued £7.5m penalty being upheld. The tribunal found that Clearview’s scraping and global database usage involved monitoring the behavior of UK residents and is not beyond the reach of UK law even when services are provided to foreign law‑enforcement customers. The UT has directed the First‑Tier Tribunal to reconsider its earlier decision in light of this jurisdictional clarity, though Clearview may still appeal.