What to do if your organisation comes under cyber attack - the risks, prevention strategies and action planning
The consequences of a cyber attack were brought into sharp focus last week, when numerous organisations around the world fell victim to a global ransomware attack.
We all know that prevention is the most effective way to reduce the risk of an attack, but sometimes even your best efforts will not stop a determined cyber-criminal. If the worst happens, what should you do?
Actions to take:
- Immediately protect your business from further attack
- Investigate what happened, when, how, who was affected and what was lost, damaged or compromised
- Notify the police at www.actionfraud.police.uk for all cyber-attacks and fraud
- Notify under any insurance policy covering cyber-crime
- Issue communications internally to relevant staff, suppliers, etc
- Consider and carefully put together an external communication to customers
- Check affected contracts
- Inform regulators and those affected
- Implement measures to prevent an attack
What is the likely fallout?
- Disruption to business
- Reputational damage
- Action by regulators for failing to respond swiftly and deal with the consequences appropriately
- Breach of data protection rules or contract provisions, leading to potential damages being payable (which will be exacerbated by GDPRs)
- Regulatory fines
- Legal action against individual directors for breach of fiduciary duty and duty of care
- Claims or complaints from staff, customers or suppliers affected
How can we help?
We can assist you in managing a cyber-attack or data breach. We advise on:
- risk mitigation measures including cyber security assessments
- policies and protocols (including response plans) to protect your network
- the immediate response to a cyber breach or incident
- notifying customers and suppliers
- regulatory investigations
- handling customer complaints
- statutory liabilities arising from the breach.
In the coming weeks, we will issue further guidance on prevention strategies for businesses – in the meantime, if you have an immediate concern, please contact Debbie Venn, Partner - Head of Technology.
Guidance supplied by Anya Topley, Trainee Solicitor
Published: 18 May 2017