What to do if your organisation comes under cyber attack - the risks, prevention strategies and action planning

What we say - article


What to do if your organisation comes under cyber attack - the risks, prevention strategies and action planning

CybercrimeThe consequences of a cyber attack were brought into sharp focus last week, when numerous organisations around the world fell victim to a global ransomware attack.

We all know that prevention is the most effective way to reduce the risk of an attack, but sometimes even your best efforts will not stop a determined cyber-criminal.  If the worst happens, what should you do?

Actions to take:

  • Immediately protect your business from further attack
  • Investigate what happened, when, how, who was affected and what was lost, damaged or compromised
  • Notify the police at www.actionfraud.police.uk for all cyber-attacks and fraud
  • Notify under any insurance policy covering cyber-crime
  • Issue communications internally to relevant staff, suppliers, etc
  • Consider and carefully put together an external communication to customers
  • Check affected contracts
  • Inform regulators and those affected
  • Implement measures to prevent an attack 

What is the likely fallout?

  • Disruption to business
  • Reputational damage
  • Action by regulators for failing to respond swiftly and deal with the consequences appropriately
  • Breach of data protection rules or contract provisions, leading to potential damages being payable (which will be exacerbated by GDPRs)
  • Regulatory fines
  • Legal action against individual directors for breach of fiduciary duty and duty of care
  • Claims or complaints from staff, customers or suppliers affected

How can we help?

We can assist you in managing a cyber-attack or data breach. We advise on:

  • risk mitigation measures including cyber security assessments
  • policies and protocols (including response plans) to protect your network
  • the immediate response to a cyber breach or incident
  • notifying customers and suppliers
  • regulatory investigations
  • handling customer complaints
  • statutory liabilities arising from the breach.

In the coming weeks, we will issue further guidance on prevention strategies for businesses – in the meantime, if you have an immediate concern, please contact Debbie Venn, Partner - Head of Technology.  

Guidance supplied by Anya Topley, Trainee Solicitor

Debbie Venn, Partner, Head of TMT, Commercial email Debbie now



Published: 18 May 2017

Subscribe to all articles and news: