Cyber security attacks pose existential threat to businesses

By Mark Beesley, below, Head of Professional Negligence at Lime Solicitors

With the UK seemingly on the brink of a recession, consumers and businesses across the country can expect a challenging year ahead. However, where others see crisis, fraudsters and cyber criminals see a chance to profit on the misfortune of others. Previous periods of economic disruption have seen an increase in cyber-attacks on vulnerable people and businesses and it’s reasonable to fear that the combined effect of the recession and the cost-of-living crisis could see such a phenomenon be repeated.

The threat itself is not new. BT found that every day the UK sees around 65,000 cyberattack attempts on SMEs. With a recession imminent and businesses already on the edge, the scale of the challenge is only growing. According to the Cyber Threat Defence report, more than 80% of UK organisations experienced a successful cyberattack in 2021/22.

Recent years have also seen the threat rise from affecting individuals to even the biggest of corporations and government agencies. However, the consequences and costs of such an attack remain highest for SMEs and individuals. Nevertheless, and despite the clear and present danger, I have often found that the scale and consequences of a successful cyberattack remain beyond the understanding and the preparedness of most businesses and professional advisers.

From my own experience in professional negligence law, I’ve come to see cyber security as easily a top three threat for many businesses, with far-reaching impacts. Though a fine under GDPR legislation may be the most obviously significant consequence for a business, it is far from the only one. Businesses face significant loss of revenue during a cyberattack, as they lose access to key infrastructure they need to function. For ecommerce companies, this may mean no longer being able to take orders. However, businesses across the country and in every sector depend on some level of digital infrastructure to ensure their business can run smoothly. Even if the business does not fully lose its ability to function, paralysis can still set in as management are distracted by this urgent challenge, and key decisions are deferred, which comes with its own cost.

Companies are likely to face sharply increased insurance premiums after a successful cyber-attack, which could have a significant impact on the small to medium businesses least able to adapt to a sudden increase in costs for which they had not forecast. If a company or its advisers are perceived to have failed to protect its consumers and partners, then there is also a serious risk of reputational damage. The threat of negligence and legal action is never far off if a company finds itself losing protected data, or worse, inadvertently infecting another business, such as a supplier or a distributor.

How to account for these challenges? In my view, the key is first to raise awareness amongst businesses and professional advisers of the scale of the challenge. As a solicitor, I need to fulfil an obligation to advise a client reasonably. Highlighting the value of external experts to review security systems is increasingly a key part of that, and I expect to see more legal disputes arising from businesses who feel poorly advised as to cyber threat as we proceed through the challenging months ahead.

The second step is investment. I often see the consequences of cybersecurity after the breach has occurred and when people are looking to attribute blame. It’s a costly, and uncertain, process. Invariably, all parties involved would rather the breach had not happened. Cyber threats are here to stay, and it’s vital SMEs get the advice and support they need to ensure an attack does not prove fatal for their business.