Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Cayman Islands: Ombudsman issues enforcement order against Jacques Scott Group following ransomware attack
The Office of the Ombudsman ('the Ombudsman') announced, on 22 March 2021, that it had issued an enforcement order against Jacques Scott Group Ltd. following a ransomware attack. In particular, the Ombudsman noted that the company had failed to take adequate technical and organisational measures to protect against unauthorised processing of employee, shareholder, and pension account member personal data, and had failed to incorporate certain mandatory provisions into its agreement with its IT provider. However, the Ombudsman noted that there appears to be no customer data which has been accessed and no serious or ongoing consequences for the compromised data.
In order to prevent future ransomware attacks, the Ombudsman recommended future steps including:
- providing training to employees on cybersecurity prevention and response;
- enabling logs on all critical network devices to ensure information is kept in the event of future cyber attacks;
- ensuring multiple backups of information are maintained with at least one backup kept off-site; and
- implementing periodic vulnerability assessments to identify IT security weaknesses.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
