
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of “Theft” of Information.


The legal system persists in framing "computer crime" through the archaic lens of tangible property—theft and conversion—despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a "doctrinally aggressive" expansion where the government claims universal ownership of information to prosecute misuse rather than disclosure. As the Supreme Court moves to narrow the Computer Fraud and Abuse Act (CFAA) and reject "right to control" theories, a widening gap emerges between prosecutorial tactics and judicial constraints, highlighting a desperate need to shift the legal focus from "ownership" to duties of confidentiality and authorized use.

The post It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of “Theft” of Information. appeared first on Security Boulevard.

From Analytics to “Interception”: How Website Tracking Became a Wiretap Problem—and What Companies Should Do About It

There is a certain irony in watching a statute designed to prevent clandestine eavesdropping on telephone calls become one of the most aggressively deployed tools against ordinary website functionality. The federal Wiretap Act—codified as part of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2510–2522—was never intended to regulate marketing pixels, session replay scripts,..

The post From Analytics to “Interception”: How Website Tracking Became a Wiretap Problem—and What Companies Should Do About It appeared first on Security Boulevard.

EdTech Digest | How to Fix the Digital Ghosting Epidemic

This article was originally published in EdTech Digest on 03/24/26 by Charlie Sander.

To fight “digital ghosting,” schools need a smarter approach to device use, student safety, and digital wellbeing

While physical attendance has long been the primary metric for school safety and success, a more insidious trend is emerging that data alone often misses. I ...

The post EdTech Digest | How to Fix the Digital Ghosting Epidemic appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post EdTech Digest | How to Fix the Digital Ghosting Epidemic appeared first on Security Boulevard.

The Dark Web Explained with John Hammond

The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites, […]

The post The Dark Web Explained with John Hammond appeared first on Shared Security Podcast.

The post The Dark Web Explained with John Hammond appeared first on Security Boulevard.


The True Cost of Cyber Downtime: A UK Board-Level Briefing

Written by Sean Tilley, Senior Sales Director EMEA at 11:11 Systems

 

Cyber downtime carries measurable financial consequences, and those consequences are becoming clearer with each major incident. Research from 11:11 Systems shows that 78% of European organisations report losses of up to $500,000 per hour following a cyber-related outage, while 6% face costs exceeding £1 million per hour. When recovery extends beyond containment, the disruption begins to register in revenue performance, contractual exposure, and customer stability rather than remaining confined to the technology function.



For UK leadership teams, the issue centres on continuity of income, fulfilment of obligations, and the strength of customer relationships under strain.

 

Recovery delays compound risk

Half of organisations surveyed require between one and two weeks to fully recover from a cyber incident. Over that period, cost exposure builds in ways that are rarely reflected in early estimates.

 

Revenue stalls, particularly where digital platforms underpin billing and subscriptions, while service commitments are breached, supply chains experience secondary disruption, and internal teams divert time and budget away from planned initiatives towards remediation and communications.

 

Extended recovery places additional pressure on customer relationships, especially in sectors where availability is assumed as standard. Regulatory scrutiny increases in parallel, particularly under UK GDPR and sector-specific resilience requirements, where organisations must demonstrate that appropriate safeguards were established before the incident occurred.

 

A significant proportion of the cost emerges over time rather than immediately. Insurance premiums adjust at renewal, forensic specialists and legal advisers remain engaged, customer notification programmes continue long after systems are restored, and remediation work extends into future quarters. By the time the full impact is visible, the loss total often exceeds initial projections.

 

According to the Cyber Monitoring Centre, recent UK attacks across retail, healthcare and critical infrastructure have collectively cost businesses more than £1.9 billion. At an individual level, even a contained incident can translate into multi-million-pound losses once revenue interruption, remediation spend and longer-term customer attrition are properly accounted for.

Recovery time remains the decisive variable, steadily increasing commercial strain and regulatory attention the longer disruption persists.

 

For boards, cyber downtime is no longer a technical failure but a test of governance. In the immediate aftermath of an incident, external scrutiny rarely focuses on how the attack occurred. Instead, attention turns to whether leadership understood its exposure, validated recovery assumptions and exercised informed oversight before disruption struck. Where recovery falters, questions follow around board assurance, investment prioritisation and whether resilience was treated as a compliance exercise rather than a core commercial safeguard worthy of sustained board attention. In that context, prolonged downtime can quickly become a proxy for broader leadership risk.

 

The preparedness gap

Despite recent high-profile incidents, many organisations still overestimate their ability to recover.

Backup environments may exist without having been stress-tested under realistic conditions; recovery objectives are documented but rarely validated; crisis governance structures that appear clear on paper can lose coherence under pressure; and visibility across cloud platforms, SaaS providers, and outsourced partners frequently remains incomplete.

Modern enterprises operate across layered digital ecosystems that depend on managed services, third-party infrastructure, and interconnected suppliers, each introducing dependencies that may sit outside direct oversight. Without a consolidated view of these relationships, recovery planning remains fragmented and assumptions around restoration timelines tend to be optimistic rather than proven. When those assumptions fail, cost exposure accelerates quickly.

 

Resilience as a strategic advantage

The organisations that recover fastest are rarely those with the most technology, but those with the clearest decision rights. During major incidents, value is lost less through system failure than through delayed executive judgement, such as uncertainty over who authorises restoration priorities, how customer communications are sequenced, and which commercial trade-offs are acceptable under pressure. Boards that rehearse these decisions in advance shorten recovery by eliminating hesitation at the moment it matters most. In competitive markets, that decisiveness increasingly separates resilient businesses from those that merely survive disruption.

Containing the cost of downtime requires disciplined preparation rather than reactive response.

 

Scenario-based recovery testing that includes executive leadership brings clarity to decision-making authority, communication sequencing and operational prioritisation, while tabletop exercises expose governance gaps before they are tested in live conditions.

 

Disaster Recovery as a Service can materially reduce restoration timelines where isolated environments and immutable backups are properly implemented. Equal attention should be given to external dependencies, with clear understanding of partner capabilities, escalation paths, and recovery commitments established in advance of disruption.

 

Effective resilience planning therefore extends across internal systems, cloud providers, and supply chain partners, ensuring that recovery capability is aligned rather than siloed.

 

Preparation does not prevent incidents, but it materially reduces their financial and operational impact.

 

What This Means for Boards

The commercial exposure created by cyber downtime is now quantifiable and, in many cases, escalating. The central question for boards is how effectively the organisation can absorb disruption without sustained damage to revenue, customer trust or regulatory standing.

 

Organisations that embed recovery capability into broader business planning place themselves in a stronger position to manage that exposure with discipline, control and credibility.

The post The True Cost of Cyber Downtime: A UK Board-Level Briefing appeared first on Security Boulevard.
