In just six months, 13,357 people lost a collective £34.6m to cyber crime. Protect your systems and prevent being liable. Read our five tips for avoiding liability. Cyber crime is becoming one of the most sophisticated and undetected crimes of our time and it is affecting individuals and organisations all over the world. News coverage typically concentrates on the big companies being hacked. Whether that be Ticketmaster reportedly being pursued by 650 of its customers potentially costing them £5m in damages[1]; or the NHS in Cumbria reporting that it has experienced 147 cyber attacks in just five years[2]. Individuals and small businesses may become complacent believing they are safe because who would target them? Why would a cyber criminal want to infiltrate their security measures when there are targets like RBS or the Department for Health? Well, because it’s easy. Large corporations have state-of-the-art, fully funded security systems and in-house security teams. Cyber criminals must be creative in getting around their system. Individuals and small businesses, on the other hand, are easier targets due to the gaps in their security. So, whilst the media is startling the nation with news coverage of a computer virus capable of adding or removing the appearance of malignant tumours in hospital MRI scans[3], it is easy for others to think, “why even bother?”. Action Fraud has reported that in just six months[4], 13,357 people reported a cyber crime. They collectively lost a massive £34.6 million. According to Action Fraud, during that same six-month period 5,225 people reported that social media and email accounts were the primary reason for reporting cyber crime and just these alone lost a total of £14.8m. This is why it is so important. Most cyber-crime is not actually a result of a directed attack. Contrary to popular belief, the hackers are not sitting outside your office window with a laptop trying to navigate itself around your router. They work on a larger scale. Cyber criminals can remotely “test” the security of hundreds of systems at the same time and attack those most vulnerable. The best way to avoid a security breach is, therefore, to increase your security so it is undesirable for hackers to infiltrate your systems. If you are a business, the hacker may infiltrate your server, email one of your customers from your email address and inform them of a change of bank details. The customer innocently makes the payment, unknowingly paying your money to the hacker’s bank account. Despite being a victim in this scenario, if you are found to have not taken steps to secure your system, you may be held liable for the customer paying into the incorrect account. So, how do you rectify this situation? The easiest way is prevention. Here are our top five tips that may help to avoid a breach:

  1. Make your systems secure. The National Cyber Security Centre ( has a wealth of information to help protect your business. The harder you make it for cyber criminals to hack into your business, the more likely they will not try.
  2. Train your staff so that they understand the importance of cyber security and the consequences of failing to adhere to it. For example, how to detect phishing emails or how and when staff should report any issues.
  3. Update your PC. Updates are often released by your operator and your virus protector to ensure your PC is protected from recent threats. Failing to do so may result in you being found liable for a breach. For example, if an update is available for three weeks and a hacker takes advantage of you not updating during this period and infiltrates your system to steal personal data of your customers, you may be found liable for failing to secure your system.
  4. Clarify the method by which you might inform your customers of any change of bank details. For example, explain by which method you might do so on your invoices, in the cover email and in your terms and conditions that you will never provide a change of bank details by email and that if the customer receives such an email to contact you by telephone to report any email received in this manner. This protects you and this protects your customer.
  5. There are dedicated cyber security firms that can assist you with securing your system. Not only does this protect you and your customers, you can also conduct business knowing you are doing everything you can do to ensure your systems are safe.

    Griffin Law is a dispute resolution firm comprising innovative, proactive, tenacious and commercially-minded lawyers. We pride ourselves on our close client relationships, which are uniquely enhanced by our transparent fee guarantee and a commitment to share the risks of litigation.  If you have any specific questions regarding a dispute, please email or call 01732 52 59 23.


    © Griffin Law Limited, 2022. All rights reserved.

    Nothing in this document constitutes any form of legal advice upon which any person can place any form of reliance of any kind whatsoever. We expressly disclaim, and you hereby irrevocably agree to waive, all or any liability of any kind whatsoever, whether in contract, tort or otherwise, to you or any other person who may read or otherwise come to learn of anything covered or referred to in this document. In the event that you wish to take any action in connection with the subject matter of this document, you should obtain legal advice before doing so.

    [1] [2] [3] [4] Between April 2018 and September 2018