What does the Cyber security topic cover?

It covers the main cyber threats and vulnerabilities (malware, phishing, social engineering, hacking and denial-of-service, plus insider and physical threats), the technical and behavioural methods used to protect systems and data, the consequences of cyber attacks and data loss and how organisations recover through backups and business continuity, and the main laws affecting digital technology: data protection law, the Computer Misuse Act and copyright law. It is part of Unit 1, The Digital World.

What is the difference between malware, phishing and a denial-of-service attack?

Malware is malicious software such as viruses, worms, ransomware, spyware and trojans, designed to damage or gain access to a system. Phishing uses fake messages pretending to be from a trusted organisation to trick people into revealing details, and is a form of social engineering. A denial-of-service attack floods a system with traffic so it is overloaded and cannot respond to legitimate users.

What methods protect systems and data from cyber threats?

Technical methods include strong passwords and two-step verification, firewalls, antivirus software, encryption, software updates and patches, backups, and access rights. Behavioural methods include user training to recognise phishing and follow safe habits. Physical security and access control protect the hardware and premises. Strong security layers several of these methods together.

What is encryption and why is it used?

Encryption scrambles data using a key so that it is unreadable to anyone without the correct key to decrypt it. Organisations encrypt sensitive data so that, if it is intercepted during transfer or stolen, for example on a lost laptop, it cannot be read or used by the attacker. It protects confidentiality and helps meet the legal duty to keep personal data secure.

What are the consequences of a cyber attack?

For an organisation, consequences include financial loss (repair costs, fines, lost sales), reputational damage, legal penalties for failing to protect personal data, and operational disruption while systems are restored. For individuals, consequences include identity theft, financial fraud and loss of privacy. Recent, safely kept backups and business continuity planning are central to recovery.

What laws affect the use of data and computers?

Data protection law governs how personal data is collected, stored and used, requiring it to be kept secure, used for a lawful purpose, accurate and only kept as needed, with individuals' rights respected. The Computer Misuse Act makes unauthorised access to computers and data, and interfering with them, a criminal offence. Copyright law protects original work and makes copying or using it without permission illegal.

WalesDigital Technology

WJEC GCSE Digital Technology Cyber security: threats, protection, recovery and the law

A deep-dive WJEC GCSE Digital Technology guide to the Cyber security content of Unit 1. Covers cyber threats and vulnerabilities, technical and behavioural protection methods, the consequences of attacks and recovery through backups and continuity planning, and the main laws: data protection, the Computer Misuse Act and copyright.

Generated by Claude Opus 4.814 min read3540QS Unit 1 Cyber securityUpdated 2026-06-15

Reviewed by: AI editorial process; not yet individually human-reviewed

Jump to a section

Threats and vulnerabilities
Protection methods
Consequences and recovery
The law
How to study this topic
The Cyber security dot points
For the official specification

The Cyber security content of WJEC GCSE Digital Technology Unit 1 covers the threats to digital systems and data, how to defend against them, what happens when an attack succeeds, and the laws that govern data and computer use. This guide maps the topic and links to a focused answer page for each examinable point, all assessed in Unit 1, The Digital World.

Threats and vulnerabilities

A cyber threat is anything that could harm a system or its data; a vulnerability is a weakness an attacker exploits.

Malware - malicious software: viruses, worms, ransomware, spyware, trojans.
Phishing - fake messages tricking people into revealing details (a form of social engineering).
Hacking - unauthorised access to systems or data.
Denial-of-service (DoS) - flooding a system so it cannot respond.
Insider and physical threats - misuse by people inside the organisation, and theft or damage to devices.

Common vulnerabilities are weak passwords, out-of-date software, untrained users and unsecured networks.

Protection methods

Strong security layers technical and behavioural controls.

Method	How it protects
Strong passwords + two-step verification	Make unauthorised login much harder
Firewall	Controls network traffic, blocks unauthorised connections
Antivirus	Detects and removes malware
Encryption	Scrambles data so it is useless if stolen
Updates/patches	Fix known security flaws
Backups	Allow recovery of lost or encrypted data
Access rights	Limit who can see or change data
User training	Helps people spot phishing and stay safe

Physical security and access control protect the hardware and premises.

Consequences and recovery

A successful attack causes financial, reputational, legal and operational harm for organisations, and identity theft and fraud for individuals. Organisations recover using backups (recent and safely kept, ideally off-site or offline), a disaster recovery plan (how to restore systems) and business continuity planning (how to keep operating during and after an incident).

The law

Three laws are central:

Data protection law - personal data must be kept secure, used for a lawful purpose, accurate, kept only as needed, with individuals' rights respected.
Computer Misuse Act - unauthorised access to computers and data, and interfering with them (hacking, spreading malware), is a criminal offence.
Copyright law - copying, sharing or using someone's original work (software, music, images, text) without permission is illegal.

How to study this topic

Learn each threat with a precise definition and be able to identify it from a scenario.
Know both technical and behavioural protection methods and match them to threats.
List a range of consequences (financial, reputational, legal, operational; identity theft for individuals).
Explain how backups and continuity planning aid recovery.
Keep the three laws distinct and practise "which law applies" questions.

The Cyber security dot points

Each examinable point has its own answer page with worked exam questions and cross-links:

For the official specification

WJEC publishes the full Digital Technology specification, past papers and mark schemes at wjec.co.uk. Always revise from the current specification and WJEC's own past papers, because question style is board-specific.

Sources & how we know this

WJEC GCSE Digital Technology specification — WJEC (2021)