Cyber security | UK Regulatory Outlook July 2023
Published on 26th Jul 2023
Communications Committee launches inquiry into LLMs | NCSC publishes cyber threat report for the UK legal sector | Cyber Essentials scheme process evaluation
Communications Committee launches inquiry into LLMs
On 7 July 2023, the Communications and Digital Committee launched an inquiry into large language models (LLMs) and how the UK can respond to their opportunities and risks in the next few years.
This will involve evaluating the work of the government and regulators and how well the current regulatory approach addresses current and future technological capabilities.
The government is also seeking evidence on the risks that the proliferation of artificial intelligence (AI) tools will pose, such as spreading disinformation, hacking, fraud and scams. Generative AI, in particular, has been used by criminals to create advanced malware and automate cyberattacks.
The deadline for written submissions is 5 September 2023.
NCSC publishes cyber threat report for the UK legal sector
On 22 June 2023, the National Cyber Security Centre (NCSC) published the report "Cyber Threat Report: UK Legal Sector", which provides an overview of the growing cyber threat to the legal sector, along with recommendations on improving cyber resilience.
The report explains that law firms are becoming increasingly vulnerable to cyberattack due to the adoption of remote working practices and the increasing sophistication of cyberattacks.
The report offers practical guidance for law practices of all sizes on how to be resilient to these threats. It points to the range of free services available to help protect their organisations, suppliers and clients against cyber threats. One example is the Early Warning service, which can inform organisations of potential cyberattacks on their networks.
Cyber Essentials scheme process evaluation
On 22 June 2023, the government published the results of a research study into the implementation and operation of the Cyber Essentials scheme run by the NCSC, which aims to help organisations of all sizes defend against common cyber threats.
Surveyed organisations were asked their reasons for choosing to become Cyber Essentials certified, with the three most popular responses being:
- to reassure customers about IT security;
- to improve cyber security and resilience; and
- to meet public sector contract requirements.
Organisations that have never held Cyber Essentials tend to be micro organisations that mainly do business on their phone, do little business online, use paper-based records, and are content with using free internet security software.
Cybersecurity in the UK research briefing
On 22 June 2023, the House of Commons Library published a research briefing that provides a helpful overview of cybersecurity in the UK.
It sets out the regulatory framework and discusses some proposals for reforming cybersecurity law, including the degree to which "ethical hackers" – cybersecurity experts using illegal hacking techniques – should be protected from prosecution, and whether ransomware payments should be banned.
Call to action
It is important to check whether your organisation is adequately protected from potential supplier data breaches. For example, Cl0p, the threat group behind the MOVEit supply chain attack, has continued to add new victims to its leak site.
Businesses should also check whether any newly named organisations are suppliers that hold personal data, as it may be necessary to report data breaches to regulators such as the Information Commissioner's Office (ICO) or the Financial Conduct Authority (FCA).