The impact of lockdowns on cybersecurity
By Aman Johal, Lawyer and Director of Your Lawyers
The UK’s National Cyber Security Centre (NCSC) reported that a quarter of all cyberattacks over the past year are linked to the pandemic. Action Fraud, the UK’s National Fraud and Cybercrime Reporting Centre, disclosed that there have been over 16,300 successful cyber scams with losses amounting to £16.6m during the first lockdown period alone.
Research also revealed that 86% of consumers experienced some form of cybercrime during the pandemic as retailers turn to increased e-commerce out of necessity. Action Fraud found that people aged 18-26 were the most vulnerable to cybercrime on online shopping platforms, such as Depop and eBay, representing 24% of victims.
The second national lockdown in November pushed the nation back online for four more weeks, which served to increase cybersecurity risks once more. Black Friday, which took place on 27thNovember, was an additional factor, and phishing attacks reportedly increased by 336% when compared to previous years. In 2020, visits to e-retailers were up 35% year on year, inevitably correlating with a surge in cyberattacks and the risks that they pose.
And that is not the end of it. With the Christmas shopping season in full swing, further data has revealed that less than half of UK retailers feel that they have adequate cybersecurity measures in place. 45% believe that their third-party partners are not prepared either, a matter that has been a point of contention in the Ticketmaster data breach which involved a third-party vulnerability and exposed the personal information of 1.5 million UK customers.
The threat is so severe that the NCSC has launched its Cyber Aware campaign in December to educate consumers and businesses alike about the online threat posed during the festive season. These cumulative factors are indeed a significant cause for concern. The lack of urgency in retailers and consumers to protect themselves against cyber threats, in addition to the increasing sophistication of hackers already boasting a wealth of practice from the first lockdown, has created a ticking time bomb.
Data breach: the straw that could break the camel’s back
It is critical that e-retailers deliver on their responsibility to protect customer data. Failure to do so could result in significant legal and financial repercussions.
The UK’s Information Commissioner’s Office (ICO) has the power to issue significant fines for data breaches in accordance with the GDPR. In October 2020, it issued its first two significant fines against British Airways (BA) and Marriott, at £20million and £18.4million respectively – although these figures do represent a disappointing climb-down from the original intention to fine in the sums of £183m and £99m. In addition to fines, businesses in breach of the GDPR may also face significant compensation pay-outs for damages. In the case of BA, they could be facing a total pay-out of as much as £3 billion based on an average possible claim of £6,000 for each of the estimated 500,000 victims.
Customer loyalty is also likely to take a hit following a cyberattack; an additional blow that the retail sector cannot afford to suffer in 2020. For the UK retail sector as a whole, sales decreased by 19.1% year on year during the first lockdown, and it is still struggling to recover. Cybersecurity must always be a financial priority for e-commerce platforms, as data breaches can cost far more on average than investment in preventative measures.
Despite a dismal outlook for the retail industry on the whole, consumers who are affected by a data breach this festive season should remember that they could be entitled to pursue compensation from the responsible party. The power of the law should act as an important deterrent for businesses adopting a complacent attitude towards their cybersecurity responsibilities, especially as we continue to see worryingly high numbers of cyberattacks with serious implications for millions of people in the UK.
The surge in cybercrime is unlikely to relent in the near future. With a looming recession predicted for 2021, businesses may be persuaded to cut their cybersecurity spending. It is essential that this does not happen: companies in the e-commerce sector, and beyond, must view cybersecurity as a non-negotiable asset.
About the Author
Aman Johal, Lawyer and Director of Your Lawyers
Aman founded consumer action law firm Your Lawyers in 2006, and over the last decade he has grown Your Lawyers into a highly profitable litigation firm.
Your Lawyers is a firm which is determined to fight on behalf of Claimants and to pursue cases until the best possible outcomes are reached. They have been appointed Steering Committee positions by the High Court of Justice against big corporations like British Airways – the first GDPR GLO – as well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action ever seen in England and Wales.
Aman has also has successfully recovered millions of pounds for a number of complex personal injury and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in the PIP Breast Implant scandal. Aman has also been at the forefront of the new and developing area of law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic data leak and the Ticketmaster breach.
Aman can be reached online at LinkedIn and at our company website: https://www.yourlawyers.co.uk/