Ten-fold increase in security breach cases since GDPR, claim lawyers

Last year, Fieldfisher handled about three new cases a month. Today, it's handling one new case every day

City law firm Fieldfisher claims that there has been a ten-fold increase in the level of cyber-security incidents that it is handling, with the number of significant new cases increasing from around three per month to at least one every day.

The increase was acknowledged today by James Seadon, a cyber-security lawyer and lead lawyer in Fieldfisher's data disputes practice.

His comments follow on from the British Airways security breach, and come after the General Data Protection Regulation (GDPR) was fully introduced in May, which obliged companies to publicly report security breaches potentially affecting personal data within 72 hours of discovery.

"We're certainly seeing a substantial uptick in breach advice work since 25 May," Seadon told Computing, adding that most of the business was not of the scale of the British Airways security breach.

He continued: "Most of this, and many of the resulting notifications, are on the smaller side, such as technical breaches; the kind of incident that we wouldn't expect the Information Commissioner's Office (ICO) to prioritise for enforcement action.

"But we're also seeing more of the bigger breaches.

"There will be a number of reasons for this, one of which is that as our economy becomes more reliant on technology, and criminals become more sophisticated, both accidental and malicious breaches will increase.

"But the GDPR notification regime is surely also having one of its intended effects: in other words, ensuring that serious breaches do not go unreported."

As a result, work for lawyers specialising in IT security has boomed, and even the ICO is struggling to keep up. "Unsurprisingly the ICO is very busy at present. The Commissioner is certainly still looking to grow her team, but had been expecting this surge in activity and has put some processes in place to manage it, including new mechanisms for incident reporting," Seadon added.

Law firms such as Fieldfisher, he added, don't just handle the legal consequences of a breach, but also help organisations to build their business processes around prevention and response.

"We've been talking about what happens after a breach, but we're also working closely with many of our clients, in the UK and internationally, to build and stress-test their incident response procedures; as ever prevention is always going to be better than cure.

"C-suite executives increasingly understand the importance of investing in advance to ensure that breaches are rare, and harm is minimal."

Computing's Cloud & Infrastructure Summit Live returns on Wednesday 19 September, featuring panel discussions with end-users, strategic and technical streams and a session with guest speaker Inma Martinez. The event is FREE to qualifying IT leaders and senior IT pros, but places are going fast. Register now!