Cybercrime: it's a question of 'when', not 'if' for business


Author: Alex Bishop

Applies to: UK wide

Businesses face an increasing number of challenges, and one of the most severe and potentially damaging is cybercrime. Fallout from a cyber-attack can result in both physical and reputational damage, and in the loss of business and customers.



The first 12 hours matter in a crisis: things happen quickly and can get out of control.

Download your free copy of our Crisis Management flowchart today to identify key dangers, risk areas and opportunities, and to get you on the right track to avoid costly mistakes in the event of any crisis.

"The starting point must be that every British company is a target, that every network will be attacked, and that cybercrime is not something that happens to other people... I can tell you that right now GCHQ is monitoring threats against 450 companies."

George Osborne


Chilling words, particularly given how much British businesses now rely on their online presence. It is estimated that internet-linked services contributed as much as £294 billion to the UK's GDP in 2015, but according to the latest Government Security Breaches Survey (2015), 68% of large organisations and 34% of small organisations surveyed suffered some form of cyber security breach within the last 12 months (2014-15).

It is thought that the overall annual cost of cybercrime to the UK economy could be as much as £34 billion, with the average cost of the worst security breach for larger organisations being £1.46 million to £3.14 million. Last year's very public attack on TalkTalk reminded us how vulnerable any organisation is to a cyberattack. It has been reported that last October's cyberattack cost TalkTalk £60 million and the loss of 101,000 customers.

Research suggests that UK businesses are dedicating more and more resources to avoid becoming the latest victim. Statistics suggest 44% of both large and small organisations have increased their spending on information security in the last year.

Prevention and defence must always be the foundation of an organisation's approach to cybercrime, but with ever-changing methods and technologies designed to penetrate an organisation's defences, an increasing focus is being placed on preparing for 'when, not if' a cyberattack strikes.

Response team

Creating a response team in preparation for a cyberattack is of vital importance. The first few hours following the discovery of an attack are usually the most crucial and will largely dictate the effect the attack has on an organisation. Any response team must include a wide breadth of expertise, in particular IT, PR and legal, and be on hand to advise on and deal with the discovery of a cyberattack and its immediate aftermath. Everyone within the business should know in advance who will be taking the lead and what the crisis plan is.

A recent report from one of the 'big four' accountancy firms revealed that cybercrime was at unprecedented levels, with the problem only expected to become even worse, yet a third of the companies it surveyed did not have a plan to respond to a cyberattack.

In response to the increasing number of serious incidents affecting clients, Shoosmiths has set up its own crisis management team of specialists, on hand 24/7, 365 days a year for clients who sign up to the service. We have also prepared a free downloadable crisis management flowchart to help businesses begin to consider the key issues in putting a crisis management plan in place, whether to deal with a cyber-attack or any other crisis incident. Use the panel above to download a copy of our crisis response flowchart.


This document is for informational purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given.