
Cyber Security: Law and Guidance

ISBN13: 9781526505866
Published: September 2018
Publisher: Bloomsbury Professional
Country of Publication: UK
Format: Paperback
Price: £125.00

In stock.


What is cyber security?

Cyber security is concerned with both the security of cyber space and the security of entities that use or rely on cyber space. For these purposes, cyber space includes:

  • The internet and the world-wide web.
  • The facilities and apparatus that underpin and connect the internet and the world-wide web (for example, telecommunications, internet access and internet service provision).
  • The facilities and apparatus that support the provision of content available through the internet and the world-wide web.
  • The facilities and apparatus that support data processing and data storage accessible through the internet and the world-wide web (for example, cloud computing services and the supporting infrastructure, such as data centres).
  • Cyber space also includes physical places as well as purely virtual ones.

Entities that use cyber space need to be cyber secure. However, the regulatory reform process for cyber security in the EU, the US and elsewhere has been very selective about the categories of entities that should carry a statutory duty to be cyber secure.

Legislation and Regulation

In February 2013, the European Commission published a proposal for a Directive on Network and Information Security, colloquially known as the NIS Directive or the Cyber Security Directive. The purpose of the Directive is to ensure a high common level of network and information security (NIS) within the EU. In March 2014, the European Parliament voted to adopt an amended version of the Directive. To become law the Directive has to be adopted by the Council of Ministers, which is yet to happen. After it is adopted, the EU member states will have to introduce their own national legislation, to transpose the Directive's requirements into their domestic law.

In addition to the NIS Directive, the EU has embarked on a variety of law reform initiatives that concern similar subject matter such as:

  • Draft General Data Protection Regulation (GDPR)
  • Draft Payment Services 2 Directive (PSD2)
  • Better Regulation Directive 2009

Policy and legal developments abroad support the point that the trajectory of the law is broadly the same the world over. The critical point of difference between jurisdictions concerns the introduction of ex ante regulatory frameworks to establish an enforceable duty of care for cyber security. The EU wishes to adopt an ex ante regime, unlike the United States (US), which prefers to use "soft law" mechanisms to achieve its ambitions for cyber security. However, the approach of the UK government is more consistent with the US approach than the EU approach. Where the US and EU are most aligned is on a duty of "breach disclosure", whereby the providers of critical infrastructures and services are required to notify regulatory bodies of serious cyber security incidents.

Cyber Security: Law and Guidance provides an overview of the key legal developments for cyber security in England and Wales, focusing on the proposed NIS Directive and related legal instruments, including those for data protection and payment services. It also provides insights into how the law is developed outside of regulatory frameworks, by reference to the "consensus of professional opinion" on cyber security, case law and the role of professional and industry standards for security.

Suggestions are made on how to build a "defensive shield" to protect an organisation from regulatory actions and litigation. With cyber security law destined to become heavily contentious, legal privilege will be an advantage.

Organisations require expert assistance to operationalise these matters and Cyber Security: Law and Guidance provides this assistance.

Data Protection, IT and Internet Law
Chapter 1: Introduction
Chapter 2: Strategic Context
Chapter 3: Threats
Chapter 4: Vulnerabilities
Chapter 5: The Law
Chapter 6: Corporate Governance
Chapter 7: Industries
Chapter 8: The Legislation Post Brexit
Chapter 9: International Law
Chapter 10: The Interaction between States
Chapter 11: The Information Commissioner
Chapter 12: Employee Liability and Protection
Chapter 13: Data Security
Chapter 14: Data Breaches
Chapter 15: Litigation and Rules of Evidence
Chapter 16: Criminal Law
Chapter 17: Immunity, the Locus and Standing of the Accused
Chapter 18: How to Mitigate the Losses
Chapter 19: The Government's National Response
Chapter 20: Implementation Plan
Chapter 21: How to Defend
Chapter 22: Develop
Chapter 23: International Action
Chapter 24: Metrics
Chapter 25: Conclusion
Appendices: Sample Legal Documents, e.g. breach of disclosure letters, contractual clauses and policy frameworks