I enjoyed reading this piece from the team at CMS. Kenny Henderson and Cathryn Hopkins flag some important points around data breach claims for corporates.

The piece covers how, on Friday 30 July 2021, the High Court handed down an important judgment for businesses at risk of litigation following accidental data breaches. The piece cites some interesting data too. For instance, in March this year, the Government reported that nearly 40% of UK businesses suffered a cyber security breach or cyber-attack in the preceding 12 months. This also reminds me of a recent study I also saw cited in the FT on insider threats too. Research by cyber security group Code42 found that employees are taking sensitive computer code from their own companies at three times the rate they were a year ago and that there were 65m attempts made by staff to exfiltrate source code from their corporate networks in the three months to the end of June. Some worrying figures here, but sadly they’re not all that surprising to me.

Going back to this specific judgement though, it feels like welcome news for businesses, not least because it narrows the legal basis for those looking to bring claims.

Data breaches, whether they are external or internal, accidental or malicious, can have some very significant impacts on businesses. As such, management will need to fully consider these risks and how they are mitigated and responded to.

For more on this I would suggest you speak to Lorenzo Grillo (in our cyber team here) or Robert Grosvenor (who focuses on Data Privacy) in my team.