Follow us

Welcome to HSF’s May wrap up which features our top picks for cyber-related news in the UK, EMEA and US.

In a world overflowing with individual incidents and long-form analysis, our short articles are aimed at cutting through the noise, pointing you to key developments, providing you with learning points at a glance and signposting you to longer form content. If you would like to find out more, do reach out to one of our international team.

Guidance for organisations considering payment in ransomware incidents

National Cyber Security Centre – 14 May 2024

Ransomware attacks continue to be a significant threat faced by organisations in the UK. Leading insurance bodies including the Association of British Insurers (ABI); British Insurance Brokers' Association (BIBA); International Underwriting Association (IUA); and National Cyber Security Centre (NCSC) provide constructive guidance aiming to help reduce the impact of an incident.

The US SEC adopts amendments to Regulation S-P

Securities and Exchange Commission – 16 May 2024

Released 16 May 2024, the Securities and Exchange Commission (SEC) will require broker-dealers to notify customers in the event of a data breach in addition to the current safeguards rule maintaining policies and procedures for incident response and consumer information. The final rule will become effective 2 August 2024.

The Council of the EU formally adopts the AI Act

European Union – 14 May 2024

As of 21 May 2024, the Council of the European Union approved the final text from the previous plenary session on 13 March 2024. The AI Act will enter into force 20 days after publication in the Official Journal of the European Union and is fully applicable after 24 months.

Colorado enacts SB 24-205, a law aimed at protecting consumers interacting with AI systems

Colorado.gov – 17 May 2024

Like the EU AI Act, Senate Bill 24-205 takes a risk-based approach to AI. The regulation holds deployers of high-risk AI systems accountable for risk management and governance, requiring transparency and documentation of training data to prevent algorithmic discrimination. SB 24-205 will take effect 1 February 2026.

UK Government publishes the Cyber Security Sectoral Analysis 2024 providing insights on the size and scale of the UK's cyber security industry

Gov.uk – 15 May 2024

The report provides insight into the revenue generated by the cyber security sector; new businesses emerging in this space; and employment statistics in comparison to last year.

Politicians and election officials offered cyber protection ahead of UK election

Reuters – 15 May 2024

Following the British government's warning of a growing threat to democracy due to various cyber security concerns including fake AI-created content and disinformation, the country's cyber experts have offered support to politicians, election officials and other high risk individuals. The National Cyber Security Centre has said accounts of election candidates and officials are " almost certainly attractive targets for cyber actors looking to carry out espionage operations".

Council of the EU approves conclusions for a more cyber secure and resilient Union

Council of the European Union – 21 May 2024

As part of its attempts to build a more cybersecure and resilient European Union, the Council of the EU has approved conclusions focused on the future of cybersecurity. The conclusions recall the importance of the implementation and strengthening of cybersecurity rules in sectorial legislation and encourage a multistakeholder approach to close the skills gap. In light of these, the Council has invited the European Commission and the High Representative to present a revised cybersecurity strategy.

UK Government calls for views on the AI Cyber Security Code of Practice

Gov.uk – 24 May 2024

From 15 May 2024 to 9 August 2024, the UK Government will be holding a 12 week Call for Views on the AI Cyber Security Code of Practice. The Code sets out practical steps for stakeholders across the AI supply chain and applies to all AI technologies. It is intended to help ensure that security is effectively built into AI models and systems as well as across the AI lifecycle. Stakeholders are encouraged to respond to the Call and provide specific feedback on the interventions and make recommendations regarding other policy options.

Results of the McPartland Review into Cybersecurity as an enabler of Economic Growth published

Stephen-McPartland.com – 28 May 2024

Featuring 16 recommendations, the McPartland Review into Cyber Security as an enabler of Economic Growth has been published. The recommendations range from a new CyberCharter to help build resilience and recovery into supply chains to Cyber Education and sharing threat intelligence to build consistent datasets for industry, academia and government. The UK Government has welcomed the Review while stating that they cannot publish a formal response until after the General Election. Read the report here.