Unlike previous hacks in the past such as the Mossack Fonseca release of confidential information, these are financially motivated through the use of Ransomware. This is why it has never been more important for businesses to have full understanding of the requirements imposed on them by law to prevent financial and reputational loss to their business. Not only will a business suffer but individuals in that company, such as directors, may have criminal proceedings brought against them and could be subject to fines. This article will provide you with a quick overview of the cybersecurity legislation in place on the Isle of Man.

Types of threats

Historically the most common form of hacking is Phishing where a hacker will target an individual and through the use of either spam emails or fake websites, attempt to trick them into providing their personal details such as bank details or personal passwords. In the past few months, the threat of hacking has been growing at an alarming rate and hackers are deploying various new methods. They are deliberately targeting businesses that may potentially have overlooked their cybersecurity due to lack of threat in the past.

As mentioned, Ransomware has now been drawn into the public eye through many public attacks and due to the South Korean web provider Nayana paying out about $1 million in Bitcoins to the hackers. This may only further encourage others to pursue this potentially lucrative method. Ransomware is when software is maliciously deployed onto a computer that blocks access to data until a ransom is paid. In more elaborate attacks this can be combined with other hacking tools advertising a method preventing or removing the Ransomware in question, which in turn is malware software that causes further harm once downloaded.

Outline of the legal framework

In the Isle of Man at present there is no comprehensive piece of cybersecurity legislation, instead a number of different statues govern cybersecurity.

Data Protection Act 2002 (the DPA)

Regulates the storage of information and imposes obligations to protect personal data collected by a company through security measures under the Seventh Principle of the DPA. A breach of the obligation to keep data secure gives rise to potential criminal sanctions and/or financial penalties enforced by the Isle of Man Information Commissioner (the Commissioner).

Computer Security Act 1992 (the CSA)

The CSA criminalises the interference with computers without authority, including where the intention is to commit other crimes by means of accessing computers, altering computer programs or producing ‘hacking tools’. Offences under the CSA are not limited to the offenders being present in the Isle of Man.

View the below PDF version to find out more on who is responsible for cybersecurity in the Isle of Man, and what future development in this area may mean.

PDF Version

Twitter LinkedIn Email Save as PDF
More Publications
27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

25 Jul 2022

Balancing Regulatory and Data Protection Compliance

This article considers data protection compliance in the context of financial services regulatory co...

Contributors: Claire Milne WS
30 Jun 2022

Getting into the Weeds: Isle of Man Regulation of Global Cannabis Investments

The global cannabis industry has grown rapidly in recent years as a number of jurisdictions have lib...

Contributors: Sophie Corkish
24 Feb 2022

Welcoming Fintech Innovation in the Isle of Man

The Isle of Man Financial Services Authority (IOMFSA) has published online support for fintech innov...

25 Nov 2021

Regulatory Approach to ESG across the Crown Dependencies

New requirements may require investment products to display a label reflecting their sustainability ...

25 Nov 2021

The International Comparative Legal Guide to Gambling 2022 – Isle of Man Chapter

This chapter was first published in The International Comparative Legal Guide to: Gambling 2022, by ...

Contributors: Sophie Corkish
30 Jul 2021

Fighting international fraud

First published in New Law Journal, July 2021. Appleby partners Anthony William and Jared Dann an...

Contributors: Jared Dann, Claire Corkish
28 Jul 2021

Trust Protectors and the Exercise of Trustee Powers

The recent judgment of the Staff of Government Division in the case of Mazzoleni v Summerhill Trust ...

Contributors: Erin Trimble-Cregeen
18 Jun 2021

Isle of Man – Extension of Economic Substance Requirements to Partnerships and Limited Liability Companies

The Income Tax (Substance Requirements) Order 2021 was approved by Tynwald on 16 June 2021.  This O...

12 Mar 2021

Material adverse change clauses in light of the Covid-19 pandemic

Experts from each of our key global offices provide jurisdiction specific advice and answer question...