While the details of the U.K. Information Commissioner’s Office’s recent mega-fines against Marriott and British Airways have not been published, there are clear trends in the enforcement actions taken by the ICO that may provide useful guidance to data controllers in preventing, managing and mitigating cybersecurity risks and data breaches, Andrew Moir, Duc Tran and Peter Dalton, attorneys at Herbert Smith Freehills, argue in a guest article. They detail recent cases and explore connected issues such as the importance of cyber due diligence, the insurability of cyber risks in the context of GDPR fines and recovery in the supply chain following a cyber incident. See “Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In” (May 29, 2019).