Skip to main content

News story

February 12, 2018

Cybercrime: Managing the legal issues for victims

Government statistics show that nearly seven out of 10 larger firms in the UK have been hit by a cyber-attack or a breach in the last year

It is not just the big names with an online presence being targeted by cybercrime. Increasingly smaller companies are finding themselves in the firing line, with nearly half of all UK businesses reporting at least one attack or breach.

Over 4 million individuals have also been victims of cybercrime, with 66% of cases resulting in a loss of money or goods.

Cyber Criminal

Cyber-attacks can cause havoc to a business. As well as raising questions about the security of IT systems, it also brings up many legal implications too. Just as it is a relatively new and constantly developing problem, it is also a relatively new and complex field requiring expert legal knowledge.

If your business has been the victim of a cyber-attack, you could face a number of repercussions that can affect your profits:

  • claims from customers who have suffered a financial loss as a result of the attack;
  • loss of client data;
  • disruptions of sales/staff work time; and
  • damaged reputation.

Business owners can also face claims from customers for breach of data protection. If your contracts with clients state your responsibility for data protection, you could have to deal with being held in breach of contract.

What responsibilities do businesses have regarding customer data?

Under the 1998 Data Protection Act (the DPA), organisations must take “appropriate technical and organisational measures” to protect personal data from unauthorised access or disclosure. However, as legal firms have discovered over the last few years, the DPA has some serious holes in it that are being exploited, leaving businesses reeling from the attack and subsequent fallout.

To shore up those holes, in May 2018, the EU’s General Data Protection Regulation (GDPR) will come into force. This will require all organisations to undertake data protection impact assessments for the riskiest uses of personal data.

It means that companies will need to ‘continuously’ identify risks that could put personal data at risk. Fines for any breach are expected to be significantly higher to a maximum of €20million or 4% of annual global turnover, whichever is higher. There will also be new legal obligations to report serious data security breaches and clearer guidelines on what data is regarded as ‘vulnerable’.

The government has already stated that this regulation will continue to be enforced after Brexit.

In the short-term

Investigation

Be prepared for an in-depth investigation into any cyber breach, so ensure you have a solid plan of action to cope. Our lawyers can help you to decide if the incident needs to be reported to the Information Commissioners Office (the ICO). Ensuring that breaches are reported sooner rather than later, and with full disclosure and details of preventative action initiated as a result, can mean the difference between a ‘lessons learned’ scenario or regulatory enforcement.

Dealing with claims

Seek legal advice around any liability claims arising from the cyber breach. This could include investigating the contractual position with any outsourced IT or virus protection providers to see if any losses can be recovered.

In the long-term

Risk assessment

Cyber security risks should be assessed, and a cyber security plan must be implemented. Because the threats to businesses are constantly changing, this needs to be reviewed to ensure you comply with legal obligations, giving customers and clients that all-important peace of mind that their data is safe.

Review and training

Your legal team can advise on any review of systems to protect your business from future attacks and training required to help staff respond effectively.

Prevention

Our lawyers can review your situation before you fall foul of an attack. They can check that your business complies with legal requirements and has the correct contracts, policies and procedures to protect it effectively.

Speak to data protection specialist Veronica Hartley today.

Note: This is not legal advice; it provides information of general interest about current legal issues.

Stay in touch

Subscribe to our newsletter

Stay in touch

By completing your details and submitting this form you confirm you are happy for us to send you marketing communications and that you agree to our Website Privacy Policy and Legal Notice and to us using Mailchimp to process your data.


Sending

News/Insight

  • Why is clear contract drafting important?
    How simple contract clauses can protect your business.


    Read more
  • Ensuring equality: A legal guide to responsibilities and compliance
    Understanding equal opportunities in the workplace


    Read more
  • Navigating the Economic Crime and Corporate Transparency Act 2023: What it means for your business
    The Economic Crime and Corporate Transparency Act 2023 (the Act) represents a significant shift in the UK's approach to combating economic crime, improving corporate transparency, and anti-mo


    Read more
  • Blowing kisses, not boundaries
    Tribunal clears air on workplace etiquette.


    Read more
  • Estate planning: How not to make mincemeat of it!
    The High Court has confirmed that a will handwritten on the back of two cardboard food packages is legally binding.


    Read more

What they say...

  • Leann Paris, March 2025
    “From the beginning to the end, the support we have received throughout the case with all the staff members has been far more than we expected, we got kept up to date with every single matter, I have had stressful few years but Charlotte and he

  • C Smith, March 2025
    “As executor of a will it was a relief for a solicitor to act on my behalf as though no disputes it was still a lengthy and complex process. It was dealt with mostly by Charlotte B. who kept me informed at all times. She explained the process c

  • Marc, March 2025
    “RIAA Barker Gillette were engaged to handle a real estate transaction with unusual circumstances. As a non-UK resident unfamiliar with English conveyancing procedures, I felt completely satisfied with the depth of the information and explanati

  • Leigh, March 2025
    “Instructed Martin on my first property purchase. He was a delight to work with, kept me informed and updated regularly. It was an incredibly smooth and quick process. Couldn’t be happier.”

  • Ms Brownell, March 2025
    “Patrick was amazing from start to finish. He made the process so easy, and explained each step in detail ahead of time so I’d understand what would happen and when. He was incredibly organized and noted every detail, calling out things t

Read more
Send this to a friend