Close search

You have been hacked – only the ransom message gets through. What do you do?

We are all just a click away - your IT and connected systems are out – you have been hacked – only the ransom message gets through. What do you do?


Have a plan

It is essential to have a disaster recovery plan, keep it under regular review and communicate it to those who need to know. A good plan will remain available to key people and set out how you will contact your executives, stakeholders and other necessary contacts and the steps to be followed. It will also contain your essential documents/data so that you can start to recover. Prevention is better than cure

Good IT housekeeping is the best way to limit your vulnerability to attack.

Regular and frequent offsite backup; regular systems checks and security upgrades; training for all users, including what they should do if something goes wrong; reminders and constant vigilance. Be aware – an attack may not completely disable your systems; you may not immediately appreciate it has happened. Consider specialist technical advice to review and update your systems, practices and cyber defences.


Make sure that you, your employees and others using your system are aware of the most common tactics used by hackers, know what to look out for and what not to do. Human error and inadvertent lapses in judgment can have dire consequences. Business-specific training, frequent reminders and constant vigilance can help you avoid being caught in a seasoned hacker’s trap.


Can be costly and subject to extensive exclusions but worth considering. Consult your broker. If you have been attacked, check your policies for cover. Contact your insurers immediately, otherwise you may find that cover is avoided by failure to comply with your policy terms.


The technical solution

If the worst happens, act quickly - bring in your in-house IT team or external IT advisers urgently to prevent further data loss, begin the recovery process and technical analysis of exposure. If you do not have an in-house team or external advisers, we can suggest highly experienced IT experts to assist you to work out what has happened, if the data can be recovered and what systems to put in place to stop it from happening again.


The Police

Consider reporting the situation to the police. You may be in double jeopardy with one ransom demand for access to your material and another to prevent publication on the dark web or elsewhere. If you are insured, your insurers may require you to inform the police, but check with them first.

Data Protection

If you are a data controller and the personal data of others may be compromised, you must consider and comply with obligations to report to the Information Commissioner’s Office. You may need to inform all persons whose data may be compromised, so they are aware that they are at risk. There can be very substantial fines for failure to report or for a breach of your other obligations.

If your personal system has been hacked, you are not likely to be a data controller of the information contained on it, but consider what personal information may have been compromised. Notify banks, asset holders, your professional advisers and other relevant contacts what has happened. You may need to change user names and passwords, block accounts and arrange replacement cards and facilities.

Legal protection and reputation management

You will need to manage your external messaging carefully to protect your reputation whilst meeting your obligations.

You may be able to obtain an urgent court order effective against the world to prevent publication or misuse of your data and for it to be delivered up to you. Whilst this may not bring the data back, it could limit the damage you suffer as a result of the attack.

And later

Be alert to signs of identity theft or continuing data compromise which may not manifest themselves until later.

You may have a claim against someone other than the attackers arising from the data breach. You may face claims from others who say you have not properly protected their data. Once you are out the other side of the immediate crisis and the situation has been analysed you may wish to consider if there is a way to recover some of your loss or you need advice on defending potential claims.

Fladgate can assist. Our lawyers can advise on regulatory obligations, provide assistance to help prepare against cyberattacks and guide you through the response to an attack.

Please contact: Janet Keeley (, Eddie Powell (, Alan Wetterhahn ( or Leigh Callaway (

Featured Insights


Contact us