News

Fines and lawsuits after data breaches ‘worse than the attack itself’

19-Sep-2024 - Last updated on 19-Sep-2024 at 11:33 GMT

Lawsuits and fines after a cyber-attack could cost you more than the breach. Image: Getty, ridvan_celik

Fines and lawsuits that arise in the aftermath of a cyber attack on your business could be more damaging than the attack itself, according to network security firm NordLayer.

The direct losses that result from a data breach aren’t the only thing a food firm needs to worry about. The ICO – the independent supervisory authority for data protection in the UK – has the power to issue fines of up to £17.5m or 4% of your annual worldwide turnover (whichever is higher).

Further, victims affected by the attack on your systems could seek recompense. A group of Greencore employees sought legal counsel after the manufacturer was hit with IT disruption to a part of its network on 12 December 2021.

Andrius Buinovskis, head of product at NordLayer, said: “Cyberattacks are a constant threat, and the financial repercussions can be significant. Fines and lawsuits that come after can overwhelm an organization even more. Companies have to invest in cybersecurity products and insurance to protect both their data and their bottom line.”

Cybersecurity compliance

To safeguard against the threat, businesses need to develop a cybersecurity compliance plan to protect sensitive information and maintain trust.

This begins with establishing a dedicated compliance team with expertise in cybersecurity risk assessment who will conduct thorough risk analysis, identify information assets, assess risk levels and determine potential impacts.

“Implement security controls based on your risk assessment,” Buinovskis added. “This may include data encryption, network firewalls, password policies, access control, incident response plans, employee training, and cybersecurity insurance. Finally, maintain active monitoring to revise and improve your security measures, identify new risks, and respond promptly to emerging threats.”

Food and drink manufacturers have been involved in a number of high-profile cyber attacks over the past seven years.

Victims of cyber crime

In 2022, Apetito confirmed that it has been a victim of a sophisticated criminal cyber-attack that took place on Saturday 26/6/2022, which breached its extensive security systems and impacted on the company’s IT systems and on its ability to operate in the short term.

Cyber-attacks reportedly halted production at a Cadbury factory in Tasmania in 2017, after its owner, global food giant Mondelēz, was infected by ransomware.

Government data in 2019 found that food firms ranked the lowest in terms of investment to prevent the threat of cyber attacks – an average of just £1,080 a year. For comparison, finance and insurance firms had invested the most on cyber security, at a significant £22,050.

Meanwhile, 1898 & Co. global director for utilities (power & water) and manufacturing Eric Ervin discussed cybersecurity in manufacturing and how to prepare the sector for potential cyber-attacks in an exclusive podcast.