Event Recap: The Real Cost of a Cyber Incident - Prevention and Preparation Strategies

By LegalTech in Leeds, Thu, 03 Oct '24

On Tuesday, 3rd September, LegalTech in Leeds, in partnership with The University of Law, hosted a Cyber Security Learning Lunch.

As we kicked off our Autumn events, the focus was squarely on cyber security, a topic of increasing importance in today’s digital landscape. This Cyber Security Learning Lunch provided our community with invaluable insights from industry experts on how to safeguard against the ever-present threat of cyber incidents. After a warm welcome from Julian Wells, Director at Whitecap Consulting, an overview of upcoming LegalTech in Leeds events, and an update from Hayder Almazraqchi from The University of Law, the session began.

People: Your strongest asset or weakest link?

The overarching theme of the event was clear: your people can either be your greatest defence or your weakest link when it comes to cyber security. Laura Kaung, Senior GRC Consultant at Next Generation Security, emphasised the critical role that human behaviour plays in cyber defence, particularly in the context of social engineering.

Laura shocked attendees by highlighting that even basic cyber security practices, such as creating strong passwords, are still often neglected. Through a series of interactive games, we quickly discovered how easy it is to guess commonly used passwords—reminding us that ongoing training and the cultivation of a strong cyber culture within organisations are essential.

Curious about the most hackable pop-culture references? Check out the list below—Super Hero fans, you might want to look away!

The role of human error in cyber incidents

Laura further underscored the importance of comprehensive policies, procedures, and regular, interactive training to instil a culture of cyber awareness. She shared that human error is a major contributing factor in data breaches and cyber incidents. Some reports suggest it could be as high as 95%, according to IBM’s Cyber Security Intelligence Index Report. This statistic alone is a stark reminder of the need for continuous education and vigilance.

The 2024 X-Force Threat Intelligence Index provides revelations on how cybercriminals are shifting focus to paths of least resistance, exploiting the “human attack surface” to advance their objectives.

Cyber Insurance: A critical safety net

Max Jagger and Jim Whittle from Towergate Insurance Brokers expanded on the necessity of cyber insurance, explaining its vital role in protecting businesses financially in the event of a cyber incident. They noted that while cyber insurance is becoming more common, there is still a significant portion of businesses that remain uninsured.

Key findings from Gov.uk's Cyber Security Breaches Survey 2024 show that around four in ten businesses (43%) and a third of charities (34%) report being insured against cyber security risks, rising to 62% of medium businesses and 54% of large businesses (i.e. cyber insurance is more common in medium businesses than large ones).

However, according to Max, these figures don't align with broker insight.

“At Towergate we routinely assess the market penetration of Cyber Package policies from the UK's leading providers, and we find that the take up figures are usually lower. Also, it is important to be aware that not all cyber insurance policies are equal. The widest level of cover will likely provide proactive tools to help a business manage risk, include training for employees and will support a business to improve its resilience against the impact of a cyber event.”

Max and Jim's discussion touched on the various insurance products available and highlighted the importance of having skilled negotiators in the event of a breach. As Max and Jim explained, the difference between a smooth resolution and a chaotic one can often hinge on the expertise of your incident response team.

A sentiment shared by all the speakers was that a hacker doesn't really care who you are. They are in it for the financial gain, so businesses shouldn't fall into a false sense of security thinking they might not be a target.

Legal Industry Implications: Stress and burnout

The session also delved into the specific challenges faced by the legal industry, where long hours and high-stress levels are prevalent. According to a survey by Legatics, 92% of lawyers have experienced stress or burnout due to their job, with 25% experiencing it daily.

One particularly cautionary tale involved a hacker who exploited a conveyancer’s inbox while they were on leave, highlighting the risks that come with fatigue and burnout.

Reporting a Breach: Understanding your obligations

The session touched lightly on what happens in the event of a data breach and what to do. It’s essential to act swiftly and in accordance with regulatory requirements. The Information Commissioner's Office (ICO) mandates that breaches be reported within 72 hours of becoming aware of them, particularly if they pose a risk to individuals' rights and freedoms. This involves a detailed account of the nature of the breach, the data affected, and the measures taken to address it. Failure to comply with these obligations can result in significant penalties, underscoring the importance of robust incident response protocols.

For those interested in understanding the real-world implications of insufficient technical and organisational measures, or non-compliance with general data processing principles, visit Enforcement Tracker to explore recent fines and enforcement actions. It’s a sobering reminder of the high stakes involved in data protection.

Our Cyber Security Learning Lunch served as a crucial reminder that in today’s digital world, prevention and preparation are key. Whether it’s through strengthening your team’s cyber awareness or ensuring you have the right insurance cover, the cost of a cyber incident is something no business can afford to ignore.