Skip to main content

News story

February 12, 2018

Cybercrime: Managing the legal issues for victims

Government statistics show that nearly seven out of 10 larger firms in the UK have been hit by a cyber-attack or a breach in the last year

It is not just the big names with an online presence being targeted by cybercrime. Increasingly smaller companies are finding themselves in the firing line, with nearly half of all UK businesses reporting at least one attack or breach.

Over 4 million individuals have also been victims of cybercrime, with 66% of cases resulting in a loss of money or goods.

Cyber Criminal

Cyber-attacks can cause havoc to a business. As well as raising questions about the security of IT systems, it also brings up many legal implications too. Just as it is a relatively new and constantly developing problem, it is also a relatively new and complex field requiring expert legal knowledge.

If your business has been the victim of a cyber-attack, you could face a number of repercussions that can affect your profits:

  • claims from customers who have suffered a financial loss as a result of the attack;
  • loss of client data;
  • disruptions of sales/staff work time; and
  • damaged reputation.

Business owners can also face claims from customers for breach of data protection. If your contracts with clients state your responsibility for data protection, you could have to deal with being held in breach of contract.

What responsibilities do businesses have regarding customer data?

Under the 1998 Data Protection Act (the DPA), organisations must take “appropriate technical and organisational measures” to protect personal data from unauthorised access or disclosure. However, as legal firms have discovered over the last few years, the DPA has some serious holes in it that are being exploited, leaving businesses reeling from the attack and subsequent fallout.

To shore up those holes, in May 2018, the EU’s General Data Protection Regulation (GDPR) will come into force. This will require all organisations to undertake data protection impact assessments for the riskiest uses of personal data.

It means that companies will need to ‘continuously’ identify risks that could put personal data at risk. Fines for any breach are expected to be significantly higher to a maximum of €20million or 4% of annual global turnover, whichever is higher. There will also be new legal obligations to report serious data security breaches and clearer guidelines on what data is regarded as ‘vulnerable’.

The government has already stated that this regulation will continue to be enforced after Brexit.

In the short-term

Investigation

Be prepared for an in-depth investigation into any cyber breach, so ensure you have a solid plan of action to cope. Our lawyers can help you to decide if the incident needs to be reported to the Information Commissioners Office (the ICO). Ensuring that breaches are reported sooner rather than later, and with full disclosure and details of preventative action initiated as a result, can mean the difference between a ‘lessons learned’ scenario or regulatory enforcement.

Dealing with claims

Seek legal advice around any liability claims arising from the cyber breach. This could include investigating the contractual position with any outsourced IT or virus protection providers to see if any losses can be recovered.

In the long-term

Risk assessment

Cyber security risks should be assessed, and a cyber security plan must be implemented. Because the threats to businesses are constantly changing, this needs to be reviewed to ensure you comply with legal obligations, giving customers and clients that all-important peace of mind that their data is safe.

Review and training

Your legal team can advise on any review of systems to protect your business from future attacks and training required to help staff respond effectively.

Prevention

Our lawyers can review your situation before you fall foul of an attack. They can check that your business complies with legal requirements and has the correct contracts, policies and procedures to protect it effectively.

Speak to data protection specialist Veronica Hartley today.

Note: This is not legal advice; it provides information of general interest about current legal issues.

Stay in touch

Subscribe to our newsletter

Stay in touch

By completing your details and submitting this form you confirm you are happy for us to send you marketing communications and that you agree to our Website Privacy Policy and Legal Notice and to us using Mailchimp to process your data.


Sending

News/Insight

  • Supporting neurodiverse people in family law matters
    Understanding neurodiversity in the legal context.


    Read more
  • Supreme court ruling on referees’ employment status
    In PGMOL v HMRC, the Supreme Court considered whether professional referees were self-employed. The case has the potential for far-reaching implications across the employment world.


    Read more
  • Business First Magazine
    Read our expert insights on key workplace and corporate issues.


    Read more
  • Why is clear contract drafting important?
    How simple contract clauses can protect your business.


    Read more
  • Ensuring equality: A legal guide to responsibilities and compliance
    Understanding equal opportunities in the workplace


    Read more

What they say...

  • Anon, April 2025
    “Whistleblowing dismissal claim and settlement negotiations I can not speak highly enough of this firm and [Patrick Simpson], they were not only understanding of my case needs they also worked with the up most integrity and professionalism to e

  • Patrick, April 2025
    “We had a long process handled by Charlotte & James from RIAA Barker Gillette. Even though we were outside the UK Charlotte & James we’re always available and we developed a great working relationship with them.They gave sound advice,

  • Leann Paris, March 2025
    “From the beginning to the end, the support we have received throughout the case with all the staff members has been far more than we expected, we got kept up to date with every single matter, I have had stressful few years but Charlotte and he

  • C Smith, March 2025
    “As executor of a will it was a relief for a solicitor to act on my behalf as though no disputes it was still a lengthy and complex process. It was dealt with mostly by Charlotte B. who kept me informed at all times. She explained the process c

  • Marc, March 2025
    “RIAA Barker Gillette were engaged to handle a real estate transaction with unusual circumstances. As a non-UK resident unfamiliar with English conveyancing procedures, I felt completely satisfied with the depth of the information and explanati

Read more
Send this to a friend