IAS 37 para 86, contingent liability in respect of cyber attack, disclosure as principal risk

International Consolidated Airlines Group, S.A. – Annual report – 31 December 2018

Industry: airline

31 Contingent liabilities and guarantees (extract)
Theft of customer data at British Airways
On September 6, 2018 British Airways announced the theft of certain of its customers’ personal data. Following an investigation into the theft, British Airways announced on October 25, 2018 that further personal data had potentially been compromised. As at the date of this report, BA was not aware of any confirmed cases of fraud. British Airways continues to cooperate with the investigations of the UK Information Commissioner’s Office and other relevant regulators. British Airways has received letters before action from certain UK law firms threatening claims arising from the data breach. Additionally, a putative class action has been filed in the Eastern District of New York, USA. The outcome of the various investigations and litigation, which British Airways will vigorously defend, is uncertain. British Airways holds certain insurance policies.

Strategic Report (extract)
Risk management and principal risk factors (extract)
Business and operational risks (extract)
The theft of data from British Airways customers in September 2018 as a result of a criminal attack on its website demonstrates the increased risk threat around cyber. The Group continues to lead the response to technical and organisational security defences and incident response plans for each operating company.

Business and operational (extract)