Skip to main content

News story

February 12, 2018

Cybercrime: Managing the legal issues for victims

Government statistics show that nearly seven out of 10 larger firms in the UK have been hit by a cyber-attack or a breach in the last year

It is not just the big names with an online presence being targeted by cybercrime. Increasingly smaller companies are finding themselves in the firing line, with nearly half of all UK businesses reporting at least one attack or breach.

Over 4 million individuals have also been victims of cybercrime, with 66% of cases resulting in a loss of money or goods.

Cyber Criminal

Cyber-attacks can cause havoc to a business. As well as raising questions about the security of IT systems, it also brings up many legal implications too. Just as it is a relatively new and constantly developing problem, it is also a relatively new and complex field requiring expert legal knowledge.

If your business has been the victim of a cyber-attack, you could face a number of repercussions that can affect your profits:

  • claims from customers who have suffered a financial loss as a result of the attack;
  • loss of client data;
  • disruptions of sales/staff work time; and
  • damaged reputation.

Business owners can also face claims from customers for breach of data protection. If your contracts with clients state your responsibility for data protection, you could have to deal with being held in breach of contract.

What responsibilities do businesses have regarding customer data?

Under the 1998 Data Protection Act (the DPA), organisations must take “appropriate technical and organisational measures” to protect personal data from unauthorised access or disclosure. However, as legal firms have discovered over the last few years, the DPA has some serious holes in it that are being exploited, leaving businesses reeling from the attack and subsequent fallout.

To shore up those holes, in May 2018, the EU’s General Data Protection Regulation (GDPR) will come into force. This will require all organisations to undertake data protection impact assessments for the riskiest uses of personal data.

It means that companies will need to ‘continuously’ identify risks that could put personal data at risk. Fines for any breach are expected to be significantly higher to a maximum of €20million or 4% of annual global turnover, whichever is higher. There will also be new legal obligations to report serious data security breaches and clearer guidelines on what data is regarded as ‘vulnerable’.

The government has already stated that this regulation will continue to be enforced after Brexit.

In the short-term

Investigation

Be prepared for an in-depth investigation into any cyber breach, so ensure you have a solid plan of action to cope. Our lawyers can help you to decide if the incident needs to be reported to the Information Commissioners Office (the ICO). Ensuring that breaches are reported sooner rather than later, and with full disclosure and details of preventative action initiated as a result, can mean the difference between a ‘lessons learned’ scenario or regulatory enforcement.

Dealing with claims

Seek legal advice around any liability claims arising from the cyber breach. This could include investigating the contractual position with any outsourced IT or virus protection providers to see if any losses can be recovered.

In the long-term

Risk assessment

Cyber security risks should be assessed, and a cyber security plan must be implemented. Because the threats to businesses are constantly changing, this needs to be reviewed to ensure you comply with legal obligations, giving customers and clients that all-important peace of mind that their data is safe.

Review and training

Your legal team can advise on any review of systems to protect your business from future attacks and training required to help staff respond effectively.

Prevention

Our lawyers can review your situation before you fall foul of an attack. They can check that your business complies with legal requirements and has the correct contracts, policies and procedures to protect it effectively.

Speak to data protection specialist Veronica Hartley today.

Note: This is not legal advice; it provides information of general interest about current legal issues.

Stay in touch

Subscribe to our newsletter

Stay in touch

By completing your details and submitting this form you confirm you are happy for us to send you marketing communications and that you agree to our Website Privacy Policy and Legal Notice and to us using Mailchimp to process your data.


Sending

News/Insight

  • Pension and inheritance tax changes from April 2027: why now is the time to review your will and estate plan
    From 6 April 2027, most unused pension funds and pension death benefits are expected to be included in a person’s estate for inheritance tax purposes. This article explains what the changes could mean for families, pension nominations, wills, chari


    Read more
  • What happens when company owners disagree? The key to keeping private companies running smoothly
    Director and shareholder disagreements can quickly disrupt a business if they are not addressed early. This article explains what disputes can mean for a private company, how they can be avoided, and how legal advice can help protect stability and su


    Read more
  • SMEs urged to review risks as liability rules expand
    New criminal liability rules taking effect on 29 June 2026 will make it easier to prosecute businesses of any size where senior managers commit offences while acting on the organisation’s behalf.


    Read more
  • AI-written grievances add new pressure for employers
    AI is making it easier for employees to produce detailed, formal-looking grievances that refer to legal concepts and workplace rights. For employers, the key is to look beyond the language, identify the core concern and follow a fair, consistent grie


    Read more
  • What to check in a new build contract
    Buying a new build home can be exciting, but the legal process carries important risks. From long-stop dates and mortgage deadlines to specifications, deposits, service charges and warranties, early legal advice can help protect your position before


    Read more

What they say...

  • Client, July 2026
    Pragmatic, but commercially astute support “Genuinely, we valued your pragmatic, but commercially astute support. It has helped us get this tricky deal over the line in a manner that we both feel supports our needs in a balanced way and gives L

  • Chey, July 2026
    Professional and speedy “I’m extremely happy with the service provided by RIAA Barker Gillette. They were very professional, dealt with my matter at speed and were very accommodating with my disability. I wouldn’t hesitate to use th

  • Client, June 2026
    Thank you “I had a call with Pippa that was not only factual and to the point but also reassuring and very helpful. Would highly recommend.”

  • Client, June 2026
    Trusts services “Very helpful service which solved our problem.”

  • Client, June 2026
    Probate Services “We used Patrice Lawrence to deal with our parents’ probate, and she handled the case promptly, professionally and with the respect due for a matter of this nature.”

Read more
Send this to a friend