• Technology
  • June 17, 2020

Cyber Attacks - The Legal Implications for Businesses

In this blog, we consider the legal implications for businesses suffering a cyber attack following the recent reports that Tesco customers had their accounts hacked. It has been reported that money was taken from over 20,000 Tesco customer accounts. Tesco Bank's chief executive stated that "a systematic, sophisticated attack" had taken place. After the attack, Tesco bank put in temporary measures to stop current account customers from making online payments using their debit card because of the criminal activity that had taken place. Early this year, prior to the Tesco cyber attack, the Government released the results of a survey on cyber attacks. The Department for Culture, Media & Sport and Ed Vaizey MP. The report highlighted that: 
  • Two-thirds of large businesses experienced a cyber breach or attack in the past year
  • Nearly seven out of ten attacks on all firms involved viruses, spyware or malware.
  • In some cases the cost of cyber breaches and attacks to business reached millions, but the most common attacks detected involved viruses, spyware or malware that could have been prevented using the Government’s Cyber Essentials scheme.
  • Only about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
If your business that suffers a cyber attack, your business could be exposed to claims from customers who suffer losses as a result of a cyber-attack taking place. Even a basic virus could result in loss of profits to a company, loss of client data, disrupt online sales and take up valuable staff time. A cyber attack can damage a business’s reputation by being reported in the press and can result in fines or prosecution. Businesses need to comply with the UK cyber security laws. These laws include: 
  If your business suffers a data security breach it could lead to claims being made by customers where their personal data or confidential information has been released. This could be a claim for breach of contract for example where a business’s privacy policy has not been complied with or a claim for negligence because the business failed to put in place adequate measures to protect customer data. In addition, many commercial contracts include provisions that impose obligations on companies to comply with data protection legislation. If these clauses are breached the company could face claims for breach of contract. This could result in a claim for damages being brought and in some cases the contracts being terminated. Next steps: 
  1. Businesses should know steps to review their cybersecurity plans. If a business does not have a cybersecurity plan, then it needs to put on in place. Many businesses are failing to protect themselves from the potential costs associated with a cyber attack and are not complying with their legal obligations under data protection and cyber security laws.
  2. Get a cyber essentials certificate. Cyber Essentials is a Government scheme which is said to help prevent the vast majority of cyber attacks.
  Having a Cyber Essentials badge will: 
  • Protect your organisation against common cyber threats
  • Show your customers you take this issue seriously
  • Enable you to bid for Government contracts.
  1. The Government has created a new National Cyber Security Centre (NCSC) offering industry a ‘one-stop-shop’ for cyber security support. Go to the NCSC website and review the guidance sheets and technical advice sheets available. The National Cyber Security Centre (NCSC) is the UK’s authority on cyber security. NCSC is part of GCHQ. For more information see: https://www.ncsc.gov.uk/guidance/10-steps-cyber-security
If you want to speak to any of our expert lawyers about cyber protection, get in touch with us via the business legal advice portal.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • April 01, 2022
3 ways to protect your business from cyber security threats

Cyber security threats, including cyberattacks, phishing attacks, and ransomware attacks have increased markedly since 2020. As the workforce began...

blog image
  • By LawBite Team
  • April 01, 2022
How to coordinate a cyber incident response plan

If you own a business the question of whether you will suffer a cyber incident is not one of ‘if’ but ‘when’. In the 12 months from March 2020/21 f...

blog image
  • By LawBite Team
  • March 31, 2022
How to protect your business from phishing emails

The average office worker receives 121 emails per day. This, along with the fact that criminals are getting smarter, means phishing emails are beco...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free