Facing the Rising Threat of Cyber-Crime

There’s no getting away from it – cyber-crime is on the rise.

The modern criminal’s illicit activities can be carried out from the comfort of their own homes, with gaining access to your precious, private and personal data their aim.

And they are enjoying success, sadly. Large-scale companies and organisations being hit by data breaches seem to be almost commonplace these days. While this type of incident – large-scale corporations falling victim to thieves – generally make a mark on the public consciousness, smaller businesses aren’t excluded from cyber-criminals’ potential targets.

Small-to-medium businesses (SMEs) are targeted with greater regularity than national and international household names. This is due in no small part to the thieves’ increased chances of success when compared to larger firms who are more likely to have dedicated IT departments and robust cyber-security measures in place.

Half of UK businesses reported a cyber-attack in 2024, with the average cost to a medium-sized company easily reaching five figures.

Attacks on SMEs account for around four fifths of cyber-attacks in the UK. Experts say that the majority could, and should, have been protected with more stringent security measures in place.

In 2024 84% of businesses experiencing cyber-security breaches faced phishing attempts, in which scammers deceive people into installing malware or revealing sensitive information or login credentials. These attacks can be devastating as they can lead to firms losing data, money, their reputation and in some cases, the ability to continue trading.

So it’s clear that effective security measures are a must for any business. Failure to protect the data of customers, clients and stakeholders puts them at risk and that can’t help but threaten any future working relationships.

It isn’t just the private sector where cyber-thieves are enjoying success. Sadly, charities and the National Health Service have also fallen victim to these unscrupulous criminals.

In June last year, a number of major London hospitals were forced to declare a major incident as a ransomware attack caused the cancellation of numerous scheduled procedures and operations and emergency patients had to be diverted elsewhere. Critical services, such as blood transfusions, were paused and thousands of outpatients appointments were postponed.

Hospitals who’d partnered with pathology services provider Synnovis were attacked and their IT systems interrupted, with patients across six London boroughs affected. It took weeks for services to fully resume as normal, following an NHS IT taskforce’s level-three response (the highest level, carried out by expert-level responders).

In November, a single cyber-attack impacted three NHS organisations in Merseyside. The hackers accessed systems containing data from Alder Hey Children’s Hospital, Liverpool’s Heart and Chest Hospital and Royal Liverpool University Hospital. Thankfully, patient services were largely unaffected.

The attacker – believed to be a group called INC Ransom – published screenshots of the data they claimed to have extracted. The same group had claimed in March to have stolen data relating to more than 140,000 NHS Scotland staff members and patients. While a large quantity of data – more than three terabytes – was stolen and they threatened to release it, investigations showed that what was taken would have been of little use and much of it, provided several years earlier, was outdated.

Charities aren’t immune to cyber-attacks, either – far from it. In fact, they represent a very tempting scamming opportunity for hackers. Around a third of the UK’s registered charities have also experienced some kind on online attack in the last year.

Charities are less likely than businesses to donate their (generally limited) resources on the procurement of stringent cyber-security measures. They are more likely to rely on staff (who are often part-time and/or volunteers) using their own equipment. An estimated two-thirds of charities say their staff regularly use their own laptops, phones and other devices. With efficient IT security and management more difficult as a result, they can therefore become easier prey for hackers.

Charities with lesser resources and limited IT infrastructure should, in theory, be more vulnerable than sizeable businesses and could potentially be wiped out by a ransomware attack or data breach.

But hackers don’t care about the size of the charity they are targeting, or who suffers as a result of their actions.

Last year, Richmond Fellowship Scotland was attacked and 3,300 staff members were without the online systems needed to carry out their essential social care services. This means thousands of Scots with mental health difficulties, learning disabilities or substance abuse issues couldn’t access the support they needed.

Months earlier, the University of the West of Scotland was hacked and data including staff members’ bank details and National Insurance numbers was taken. The attack affected all staff members’ laptops, shut down half of the university’s systems and prevented students from submitting work.

The cyber-criminals, a ransomware group calling themselves Rhysida, threatened to sell the data they stole to the highest bidder unless they received £450,000 in bitcoin from the university.

Earlier in 2023, a data breach is thought to have led to the theft of the personal data of those making donations to well-known organisations such as Friends of the Earth, Dogs Trust, Cats Protection and the RSPCA.

It’s thought that the hackers in question accessed the data through a survey company that worked with the charities.

These incidents serve to illustrate that cyber-thieves will gladly steal data from anyone. It’s imperative that businesses, charities, local and national government bodies, service providers and halls of learning implement effective cyber-security measures. Failure to install, regularly update and maintain adequate cyber-security measures is a failure of what a business’ customers, staff members and associates have the right to expect.

The UK Government’s end-of-year figures show that 74% of mid-to-large UK businesses have experienced cyber-crime but, despite this, IT and financial leaders at some of the UK’s biggest firms demonstrate a poor understanding of cyber risk as a financial risk.

Data breaches were business leaders’ primary concern, with 72% identifying breaches as their primary cyber risk. But less than half (a mere 47% of company heads) surveyed expressed concerns about ransomware, despite the National Cyber Security Centre (NCSC) insisting it is the most significant threat to companies in the UK today.

Data is now a valuable commodity and those accessing, storing and using confidential data have a duty to protect it. We’ve looked at what firms should do to ward off cyber-thieves here (put hyperlink to ‘MS Protect your data’ here) so perhaps you, as a consumer, should consider your next move if your confidential information has been accessed by online thieves.

The repercussions of a data breach can be far-reaching for the innocent victims involved, who may suffer financial losses, plenty of sleepless nights and, at the very least, weeks, months or even years of hassles as they try to rectify the situation.

If your data has been accessed due to a third party’s insufficient cyber-security provision, you need to take action.

From a legal standpoint, if your personal data has been compromised, you could be eligible to claim compensation from the organisation that suffered the cyber-attack, particularly if there has been any negligence in data handling or a failure to adequately protect personal information.

We are currently taking on multiple data breach claims against organisations that have failed to safeguard its stored data. If you believe that you have been a victim of a data breach, we will act on your behalf on a no-win no-fee basis.

All you need to do is click the below button and fill in a quick-and-easy form to get the ball rolling. From there our legal experts will assess your case to see if you have a valid claim and will contact you to talk you through the process.