< ciso
brief />
Tag Banner

All news with #uk gdpr tag

16 articles

Google Cloud designated a UK critical third party

🛡️ Today Google Cloud announced that on July 10 the U.K. Treasury designated Google Cloud EMEA as a critical third party (CTP) to the U.K. financial sector. The designation acknowledges the systemic impact of services used by U.K. firms and places Google Cloud EMEA under direct oversight by the Bank of England, PRA, and FCA. Google Cloud commits to constructive engagement with regulators and to help customers meet operational resilience and third‑party risk requirements.
read more →

AWS designated a critical third party for UK finance

🔐 Amazon Web Services EMEA Sarl (AWS) has been designated a critical third party (CTP) to the UK financial sector under the CTP regime that came into force on January 1, 2025. The regime gives the Bank of England, PRA, and FCA powers to set requirements and exercise direct oversight over designated providers. AWS will self-assess its designated Systemic Third-Party Services (STPS) against the criteria and engage with regulators while supporting customers’ operational resilience.
read more →

UK unveils AI-driven national Cyber Shield

🔒 The UK’s NCSC and DSIT unveiled a blueprint called Cyber Shield to deploy autonomous AI agents that detect and neutralize cyberattacks at machine speed. The plan uses cooperating “red” and “blue” agents to identify weaknesses, detect threats and progressively automate remediation while operating under organizational control. The initiative emphasizes explainable and federated AI, industry partnerships, and a staged rollout beginning with government and critical sectors.
read more →

UK Firms Face Rising Ransomware Incidents in 2025–26

🔒 Report Fraud received 323 ransomware reports from UK organisations between April 2025 and March 2026, with SMEs accounting for over half of victims. Financial losses rose about 50% year-on-year to approximately £270,000 per incident, though police warned this likely understates the true cost. Authorities and experts urge firms to adopt proactive measures like regular backups and strong access controls to reduce risk and impact.
read more →

ICO cautions healthcare worker over royal records

🔒 The ICO has issued a formal caution to a former London Clinic healthcare worker who attempted to access and sell the Princess of Wales’ medical records. The regulator opened a criminal investigation in 2024 but concluded a caution under section 170(5) of the Data Protection Act 2018 was an appropriate enforcement response. The ICO found no wider organisational failings meeting the threshold for further action and emphasised its readiness to pursue prosecution when necessary.
read more →

Google to use IPs for ad personalization in EEA, UK

🔒 Google has notified advertisers it will begin using IP addresses to identify devices for ad measurement and personalization across the EEA, UK and Switzerland on or shortly after August 3, 2026. The change repurposes IPs — already transmitted to route traffic and deliver ads — for purposes that trigger consent requirements under UK and EU law. Google will register for IAB Europe TCF Feature 3 and says it will rely on privacy-enhancing technologies while offering later user choices on its properties. Advertisers remain responsible for obtaining valid consent under Google’s EU User Consent Policy.
read more →

CyCOS expands UK SME cyber support ahead of CIISec handover

🛡️ The Cybersecurity Communities of Support (CyCOS) pilot, launched by academics from UK universities, is expanding from two to seven small peer-led communities to help SMEs improve cyber resilience. The program combines webinars, AMAs, an online support platform and shared resources, and will transition operational leadership to the Chartered Institute of Information Security (CIISec). New communities are being founded by volunteer SME facilitators and supported by a Community Toolkit to ensure replicability.
read more →

GCHQ warns businesses: urgent cyber action on AI

⚠️ Anne Keast-Butler, director of GCHQ, urged UK businesses to treat cybersecurity as national defence during the agency's first annual lecture at Bletchley Park on May 27. She warned that rapid AI development narrows the window to stay ahead of threats and called on boardrooms to act now. GCHQ plans a machine-speed national cyber defence using agentic AI within five years while urging adoption of basic controls and quantum-resistant cryptography.
read more →

Palo Alto Networks: Securing the UK's Digital Autonomy

🔒 Palo Alto Networks reaffirms its commitment to UK digital autonomy, offering UK-based data hosting, Bring Your Own Key (BYOK) capabilities and contractual protections aligned to UK GDPR. The post cites Unit 42 research on accelerating exfiltration and identity-driven compromises and explains how Systems Data fuels collective defence without sacrificing operational privacy. It stresses local presence, certifications and tailored support for critical national infrastructure.
read more →

Employee Data Breaches Reach Seven-Year High in UK

🔒 New analysis from law firm Nockolds shows employee data breaches reported to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, a 5% year‑on‑year increase and about 29% above the 2019 baseline of 3,010. The report highlights a divergence in incident types: cyber-related breaches fell 6% to 1,568, while non-cyber incidents rose 15% to 2,304. Nockolds principal associate Joanna Sutton attributes the shift to hybrid working and gaps in physical and procedural safeguards, and urges closer collaboration between HR and security teams to improve training, policies and risk controls.
read more →

Invoice Fraud Costs UK Construction Sector Millions

⚠️ The UK's NCA, alongside the National Federation of Builders (NFB), has warned finance and accounts payable teams in construction about a rise in invoice fraud, a form of BEC that cost victims almost £4m in September 2025. Fraudsters impersonate or hijack supplier emails to change bank details on invoices, exploiting complex subcontractor networks and insecure email channels. The campaign urges staff to verify invoice changes by calling suppliers, delay payments until details are confirmed, and strengthen IT controls such as strong passwords, multi‑factor authentication and up‑to‑date anti‑malware.
read more →

UK Cyber Threat Shift: Disruption Replaces Ransomware

⚠️ The UK threat landscape changed markedly in 2025: the country became the most targeted in Europe, receiving about 16% of recorded attacks. The dominant intent shifted from monetization to disruption, with defacement comprising nearly half of incidents and overtaking ransomware as the primary concern. Many organizations that built defenses around extortion found their threat models misaligned. Security teams must broaden detection, harden web-facing assets, and update incident response playbooks to address disruption-focused adversaries.
read more →

UK Plans Ransomware Payment Ban With Security Exemptions

🔒 The UK government plans to ban ransomware payments for public sector and critical national infrastructure, while requiring other businesses to notify authorities if they intend to pay attackers. Announced after a public consultation and detailed in a September policy paper, the measure will include national security exemptions to avoid creating impossible choices for essential services. Security Minister Dan Jarvis said the move is a priority and that adoption will proceed when parliamentary time allows, with ongoing coordination across government and allied states.
read more →

UK introduces Cyber Security and Resilience Bill to Parliament

🔒 The UK government today introduced the Cyber Security and Resilience Bill, proposing a major overhaul of the NIS Regulations to align with updated EU standards. The draft would regulate managed service providers, expand scope to data centres and smart-appliance electricity flows, and mandate supply-chain risk management and NCSC Cyber Assessment Framework-based controls. Incident reporting windows would tighten to an initial 24 hours and full report within 72 hours, while the ICO and regulators gain stronger enforcement and fee powers.
read more →

UK NCSC Reports 130% Rise in National Cyber Incidents

🔐 The UK’s National Cyber Security Centre (NCSC) reported 204 nationally significant incidents between September 2024 and August 2025, a 130% increase on the prior year’s 89 incidents. In total the agency received 1,727 incident tips and elevated 429 to cyber incidents requiring support, including 18 Category 2 “highly significant” events. NCSC leaders warned attackers are improving and urged businesses to harden defences and prioritise preparedness to sustain operations during attacks.
read more →

UK Upper Tribunal Upholds ICO Claim Against Clearview

🔍 The UK Information Commissioner’s Office (ICO) won an Upper Tribunal ruling that bolsters its authority to enforce the UK GDPR against Clearview AI and increases the likelihood of a previously issued £7.5m penalty being upheld. The tribunal found that Clearview’s scraping and global database usage involved monitoring the behavior of UK residents and is not beyond the reach of UK law even when services are provided to foreign law‑enforcement customers. The UT has directed the First‑Tier Tribunal to reconsider its earlier decision in light of this jurisdictional clarity, though Clearview may still appeal.
read more →