Cyber Security Incidents – it’s a matter of when not if

The UK Government’s Cyber Security Breaches Survey 2021 has shown that:

  • four in ten businesses report having cyber security breaches or attacks in the last 12 months. Of those, one in five ended up losing money, data or other assets,
  • one-third of all businesses report being negatively impacted, e.g. because they require new post-breach measures, have staff time diverted or suffer wider business disruption and
  • three-quarters of businesses say cyber security is a high priority for their directors or senior managers.

But only a minority of organisations have taken appropriate action.

What should you do?

Here’s our list of 10 things we recommend that you do to prevent, manage and recover from incidents.

1. Understand the different internal and external threats to your business and how to manage them
2. Put in place appropriate policies, procedures, contracts and staff training
3. Understand what information laws and standards are relevant to your business
4. Know when and how to inform regulators and law enforcement about an incident
5. Understand how best to respond when a regulator undertakes an investigation
6. Appreciate the ways to effectively engage with affected individuals, customers, clients and the media
7. Know when and how to appeal a regulator’s decision
8. Understand the different strategies to recover after an incident
9. Appreciate when it is appropriate to litigate against third parties
10. Understand how to cost-effectively defend litigation

How we can help

Mark Gleeson is a senior, highly experienced and nationally recognised data protection and cyber security lawyer. Drawing on a quarter of a century’s experience, gained in private practice in major City law firms and in industry, Mark can provide you with top-quality, pragmatic advice.