
Cyber security breaches and attacks continue to pose a serious threat to businesses of all sizes. According to the 2024 Cyber Security Breaches Survey, 50% of UK businesses reported experiencing a cyber security breach or attack within the past 12 months. Recent high-profile incidents, including those affecting Marks & Spencer and Co-op, have underscored the growing sophistication and frequency of these threats.
One common scenario we frequently advise clients on involves unauthorised access to business email systems. In such cases, a hacker may gain entry to an employee’s inbox, allowing them to monitor incoming messages and manipulate outgoing communications. This often leads to email spoofing, where the attacker impersonates the business and informs customers of a supposed change in bank account details. Unfortunately, some customers fail to verify these changes and unknowingly transfer substantial sums to fraudulent accounts.
If your business finds itself in this situation, it is crucial to act swiftly and strategically. We can assist in managing communications with affected customers and mitigating legal exposure. Businesses may face potential claims for breach of contract, negligence, and violations of data protection laws. Therefore, it is essential to carefully consider the content and tone of any communications, as these may later be scrutinised in legal proceedings.
Key Action Points for Businesses Affected by Cyber Incidents:
- Notify Your Insurers
Promptly inform your insurance provider, particularly if your policy includes cyber liability coverage.
- Fulfil Reporting Obligations
Ensure compliance with legal and regulatory requirements, such as notifications to the Information Commissioner’s Office (ICO), Action Fraud and affected individuals.
- Review and Strengthen Security Measures
Conduct a thorough review of your current cyber security infrastructure and identify areas for improvement or new security measures which could be introduced.
- Implement Robust Internal Policies
Establish and enforce comprehensive IT policies, supported by regular staff training and a clear incident reporting framework.
Our Intellectual Property, Data Protection and Technology team and Commercial Dispute Resolution team have extensive experience in handling cyber fraud matters. We work collaboratively to provide clients with specialist, cross-disciplinary advice tailored to their specific needs. If your business is facing a cyber security issue, please don’t hesitate to contact us for expert guidance.
This article was written by Laura Stanley, associate, and Catherine Mathews, partner, both in our Commercial Dispute Resolution team, and Max Millife, data protection specialist in our Intellectual Property, Data Protection and Technology team.