In just six months, 13,357 people lost a collective £34.6m to cyber crime. Protect your systems and prevent being liable. Read our five tips for avoiding liability.

Cyber crime is becoming one of the most sophisticated and undetected crimes of our time and it is affecting individuals and organisations all over the world.

News coverage typically concentrates on the big companies being hacked. Whether that be Ticketmaster reportedly being pursued by 650 of its customers potentially costing them £5m in damages[1]; or the NHS in Cumbria reporting that it has experienced 147 cyber attacks in just five years[2].

Individuals and small businesses may become complacent believing they are safe because who would target them? Why would a cyber criminal want to infiltrate their security measures when there are targets like RBS or the Department for Health?

Well, because it’s easy.

Large corporations have state-of-the-art, fully funded security systems and in-house security teams. Cyber criminals must be creative in getting around their system.

Individuals and small businesses, on the other hand, are easier targets due to the gaps in their security.

So, whilst the media is startling the nation with news coverage of a computer virus capable of adding or removing the appearance of malignant tumours in hospital MRI scans[3], it is easy for others to think, “why even bother?”.

Action Fraud has reported that in just six months[4], 13,357 people reported a cyber crime. They collectively lost a massive £34.6 million. According to Action Fraud, during that same six-month period 5,225 people reported that social media and email accounts were the primary reason for reporting cyber crime and just these alone lost a total of £14.8m. This is why it is so important.

Most cyber-crime is not actually a result of a directed attack. Contrary to popular belief, the hackers are not sitting outside your office window with a laptop trying to navigate itself around your router. They work on a larger scale. Cyber criminals can remotely “test” the security of hundreds of systems at the same time and attack those most vulnerable. The best way to avoid a security breach is, therefore, to increase your security so it is undesirable for hackers to infiltrate your systems.

If you are a business, the hacker may infiltrate your server, email one of your customers from your email address and inform them of a change of bank details. The customer innocently makes the payment, unknowingly paying your money to the hacker’s bank account. Despite being a victim in this scenario, if you are found to have not taken steps to secure your system, you may be held liable for the customer paying into the incorrect account.

So, how do you rectify this situation?

The easiest way is prevention. Here are our top five tips that may help to avoid a breach:

  1. Make your systems secure. The National Cyber Security Centre ( has a wealth of information to help protect your business. The harder you make it for cyber criminals to hack into your business, the more likely they will not try.
  2. Train your staff so that they understand the importance of cyber security and the consequences of failing to adhere to it. For example, how to detect phishing emails or how and when staff should report any issues.
  3. Update your PC. Updates are often released by your operator and your virus protector to ensure your PC is protected from recent threats. Failing to do so may result in you being found liable for a breach. For example, if an update is available for three weeks and a hacker takes advantage of you not updating during this period and infiltrates your system to steal personal data of your customers, you may be found liable for failing to secure your system.
  4. Clarify the method by which you might inform your customers of any change of bank details. For example, explain by which method you might do so on your invoices, in the cover email and in your terms and conditions that you will never provide a change of bank details by email and that if the customer receives such an email to contact you by telephone to report any email received in this manner. This protects you and this protects your customer.
  5. There are dedicated cyber security firms that can assist you with securing your system. Not only does this protect you and your customers, you can also conduct business knowing you are doing everything you can do to ensure your systems are safe.

Whether you are a business or an individual, if you would like to speak to a solicitor about anything mentioned above, or if this resonates at all with a situation you might find yourself in, contact Griffin Law today.




[4] Between April 2018 and September 2018