Welcome to Mason Hayes & Curran’s Cyber/Data Breach Annual Review 2023.

Harnessing and understanding data is critical to success in most industries. This is a result of the world becoming increasingly digital. In the present day, the world at large accesses the internet daily for a variety of reasons and as a result, data is now a high value commodity requiring organisations to have robust cybersecurity measures in place.

In an era of rapid technological and legal advancements, ensuring the security of that data is paramount, particularly as cybercrime continues to rise in scale and complexity. Cybercriminals understand the value associated with data and continue to explore new methods to monetise the exploitation of data. In addition to monetary consequences, the loss or unauthorised disclosure of data can have additional serious operational and reputational implications for organisations, not to mention legal consequences such as regulatory enforcement. The last year has demonstrated that businesses must have robust and appropriate security systems in place to adequately protect themselves from falling victim to a cyber incident / data breach.

The potential pitfalls of sub-optimal data security were laid bare in 2023 as a result of several high-profile incidents which attracted significant media and regulatory attention.

The Data Protection Commission investigated a ransomware attack on Centric Health, and the MOVEit data breach impacted an estimated 2,000 organisations. We consider the lessons which can be gleaned from such incidents along with the implications of key European and Irish court decisions from 2023 which may increase the potential for those affected by data breaches to claim damages.

2023 also saw the progress of several significant pieces of legislation which will affect how businesses approach data security on a go forward basis, chief among them the Digital Markets Act and the Digital Operational Resilience Act. We cast an eye to the future and anticipate the implications of changes to the legal landscape for businesses that use data extensively. Enhanced legislative oversight as well as the proliferation of technologies such as generative AI are likely to be key themes in data security going forward.

This annual review aims to consider key developments in the cyber/data security space in 2023 and distil the most important lessons for businesses in the coming year. We hope you enjoy the first edition of this annual review.