Skip to content

Information Commissioner’s Office: Cyber Security Document

The ICO’s recent report makes informative and interesting reading.

The last decade or so has seen the huge migration of personal information into the digital space, and as such, every firm holding the personal details of its customers must ensure that such data is held as securely as possible, not only to protect the individual customer but also the business itself. Cyber-attacks can have a catastrophic impact and, in worse case scenarios, can effectively shut down a business.

Cyber-attacks are multi-faceted and increasing at alarming rates. The ICO explains what the main types of attack are (malware, ransomware, phishing, brute force, denial of service, errors, supply chain attacks), gives examples, and outlines how to reduce the risk of attack.

Our View?

Cyber security is a crucial part of protecting information, and it is important to note that security breaches frequently lead to information breaches. Not only can these attacks be extremely disruptive, but the resultant costs can be astronomical, as can the fines imposed by the ICO for breaches, so firms need to make sure that they remain diligent.


Your regulatory planning and Consumer Duty obligations mean that you should carefully consider what security you need to protect your clients’ personal information.

This article does not cover cyber insurance, but this is another important consideration because most PII policies don’t provide coverage.

If personal information is at risk, you may need to report the breach to the ICO within 72 hours.

Author - Huw Reynolds - Compliance Specialist

How can we help you?

Thistle Initiatives has supported credit firms for over 10 years as a trusted compliance and regulatory adviser. In addition to assisting these firms as-and-when, our team of specialists can serve as your right hand in meeting and complying with FCA regulations. We understand the importance of staying up-to-date and compliant and are dedicated to providing the guidance and support needed to do so.

Contact our specialist team now by calling 020 7436 0630 or sending an email to