Consequences of a Cyber-Attack

Posted 28 April, 2022 at 14:29

Author Kevin Hawkins on behalf of H2 Cyber Risk Advisory Services Ltd

Last week I wrote a piece about the potential consequences of a data breach under the Data Protection Act 2018, prompted as it was by the breach suffered by Funky Pigeon. So, I though this week I’d take a look at the impacts of a cyber-attack on an SME.

The effect of such an attack on an SME is much the same as it is on a major company, it’s all about scale.  A resulted loss of cash for a big company of say, £500K, would be just as bad as a loss of £50K on an SME.  In fact, the hit on the SME might be a darn site worse as they are generally not financially robust enough to recover.

There has been a recent Cyber Security Breaches Survey, this year, conducted by the UK Government, which says that in the last 12 months, 39% of UK businesses identified a cyber-attack.  Which is actually a little down on surveys carried out by organisations like Barclay Card.  However, the period under examination was not as long.  The survey concluded that, within the group looked at, 31% estimated that they were attacked at least once a week, and 1 in 5 said they experienced a negative outcome because of the attack.

A successful cyber-attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and customer trust. These impacts are broadly divided into three categories: financial, reputational and legal.

Turning to the financial costs, Cyber-attacks often result in a loss arising from:

  • theft of corporate information
  • theft of financial information (eg bank details or payment card details)
  • theft of money
  • disruption to trading (eg inability to carry out transactions online)
  • loss of business or contract
  • Potential fines from the ICO in cases of losses of personal data

And of course, In dealing with the breach, businesses will also generally incur costs associated with repairing affected systems, networks and devices.

It takes a long time building up trust between you and your customers and, building a reputation within your field, for reliability, high standards, good customer service, etc.  A Cyber-attack can destroy that in hours.  If you were to lose your customers data, especially personal data, you can quickly erode that hard won reputation.  Imagine if you are in the supply chain for a major company and you are connected with them electronically in automate their ordering of whatever commodity you supply. And then you become an attack vector for a cyber-criminal who uses you to break into the network of the major company.  Do you think you’d ever work for that company again?  That loss of reputation will potentially lead to:

  • loss of customers
  • loss of sales
  • reduction in profits

There are potential legal ramifications to a cyber-attack as well.  I have mentioned the Data protection and privacy laws that require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.  I have seen advertisements now from law firms advertising no win no fee terms to represent individuals who have suffered a data breach.  If you consider that in such a breach, individual records are almost always not lost, it is more likely that multiple records could be lost, which means multiple claims.  And that on top of any fine which may be imposed by the ICO.

And of course, you could face legal action from a larger company if you were the attack vector via the supply chain.

So, given all of that, what do you need to do?  Well, you need a business continuity plan to enable you to continue doing business whilst you get sorted out.  You need to be able to respond to the attack to:


  • reduce the impact of the attack
  • report the incident to the relevant authority, in the case of personal data loss
  • clean up the affected systems
  • get your business up and running in the shortest time possible

This does not need to be an enormously costly thing to do.  In fact, for many SMEs it can be quite a simple plan, but it does need to be a plan.  You should not ignore this or it could cost you dearly, perhaps even cost you your business.

And I’ll bang my usual drum.  Investing a relatively small amount in user training, education and awareness, is always money well spent.

H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.


To learn more about the services we provide please click here

Alternatively, please feel free to give us a call, email or book a time slot for a chat:

T: 0845 5443742

M: 07702 019060


Trust H2 – Making sure your information is secure 

What our customers say about us 

“We engaged H2 to examine our Cyber Security in readiness for obtaining Cyber Essentials accreditation. Their Cyber Maturity Assessment is comprehensive and H2s approach is unique in our experience of IT service companies. They provided services at our own pace and at price points which we were happy with. They were also comfortable working with our current IT provider, enhancing their services and products, and plugging the gaps, including Cyber Security and Data Protection Awareness training. I have no hesitation in recommending H2 to other companies who need such services.”

Mark Stephens, CEO, Smart Recruit Online Ltd

More from H2 Cyber Risk Advisory Services Ltd

The New Normal

The New Normal

17 May 2022


02 May 2022
The Cost of Getting Data Protection Wrong

The Cost of Getting Data Protection Wrong

20 April 2022
Data Protection

Data Protection

12 April 2022
Card image cap

H2 Cyber Risk Advisory Services Ltd


Profile Feed
Established in 2016, H2 Cyber Risk Advisory Services is a specialist cyber security and data protection company that focuses on providing innovative and robust security solutions to the UK SME sector. Its founders, Kevin Hawkins and Bob Hay, are amongst the best qualified and most experienced...


Press Releases