Following on from our alert in relation to technology, data privacy, cybersecurity and IP legal developments to look out for in 2023, this update outlines some of the potential developments and trends in the UK cyber incident response landscape for 2023.
Increased litigation risk for cyber breach victims – the Information Commissioner’s Office begins naming and shaming data breach victims
At some point in summer 2022¹, the UK Information Commissioner’s Office (the “ICO”) quietly began publishing the names of organisations that have notified it of a data breach or cyber incident. Historically, the ICO would keep such notifications confidential in an effort to promote prompt and transparent notifications from such companies.
However, since as early as 2019, the ICO has publicly committed to an open and transparent approach to its work, in particular in relation to the organisations which it regulates and the data breaches suffered by such organisations. This shift was further emphasised in a November 2022 speech by the Information Commissioner himself, John Edwards, and the move towards the publication of breach data appears to be related to this commitment to an open and transparent approach. It is unclear, however, why the ICO has only moved to implement such an approach now.