Cyberattack compensation: when can you claim?

When can you make a claim for cyberattack compensation? How can you hold an organisation to account that has been breached? How can we help you on a No Win, No Fee basis?

These are common questions when it comes to cyberattack compensation cases. Many may think that the only way you could claim is to sue those responsible for the attack – i.e. the hackers. This isn’t really a feasible option, but you can be eligible to claim compensation against the organisation that has been attacked. They have an important duty to protect themselves and your information, so if they have fallen short, you could be eligible for a case.

Data protection is the law. The GDPR puts a duty on organisations to take reasonable steps to protect the information that they store and process. If they fail to uphold this duty, they can be negligent.

Cybersecurity: still not a priority?

Given the number of hacks that are taking place, it seems clear to us that cybersecurity is still not a priority for many organisations. This year alone, we have seen easyJet hit with a monumental cyberattack, and MGM involved in yet another huge event as well.

We have also seen Virgin Media fail to secure information that led to it being exposed online.

This all points toward the idea that cybersecurity is still not a priority for many businesses, and one element that is lacking in many cases is the skill-set of employees both internally and externally

There is plenty of evidence that shows there is a lack of skilled employees in organisations that can help to prevent cyberattacks and enforce better data protection. Evidence also suggests that there is a lack of reliance on the many third-party experts as well, with too few organisations working with a professional company that can meet their needs. At the very least, there should be a solid combination of internal employees who know what they are doing as well as the use of security software and agents to assist.

As a go-to name for journalists when it comes to data protection matters, we are often in the media and are often asked about the shape of data protection in the UK. In so many instances, we find ourselves repeating the same things about the need for businesses to focus more on preventative measures. This includes staff training, the hiring of internal experts, and the use of third-party security experts and the software that they can provide.

No one can, or should, ignore the fact that the hackers are winning the battle. They will develop their software to break new security measures. They will reinvest funds acquired through cyberattacks to step up their efforts to steal and expose more data. In short, they are taking steps to keep on exposing information, and all organisations must make sure to keep up to defend themselves against criminal activity.

Can you claim cyberattack compensation?

If we can establish that an organisation has been negligent by failing to adequately protect your information, you could be eligible to claim cyberattack compensation.

If we consider that not enough was done to have prevented the attack, that is when you could claim. For example, in the Equifax case we represent clients for, they failed to implement a patch for a known security vulnerability that hackers then exploited. In the British Airways case that we are on the Steering Committee for in the Group Litigation Order action, the Information Commissioner’s Office (ICO) has practically established that they failed to adequately prevent the attack.

In these kinds of cases, you could be eligible to claim cyberattack compensation with us on a No Win, No Fee basis. If we think that there are grounds for a case, we can take it forward for you.

Free, no-obligation advice

For free and no-obligation advice about your options for making a data breach compensation claim, please don’t hesitate to contact the team today.

Why claim data breach compensation?

Local authority data breaches compensation advice