Warning to small and medium-sized enterprises as firm hit by cyber-attack is fined £60,000

The Information Commissioner's Office (ICO) has recently published an article on its website drawing all firms' attention to the fact that a firm has been fined £60,000 following a cyber-attack.


The ICO found that the organisation had failed to take basic steps to prevent its website from being attacked

The company was found:

  • Not to have performed regular penetration testing
  • To have failed to ensure that the password for the WordPress section of its website was sufficiently complex
  • To have stored some information unencrypted, and the information that was encrypted was found not to be secure because the decryption key was not secure
  • To have kept encrypted card details on its servers for longer than necessary

The ICO advised that if firms hold personal information then they must do so in line with the law, taking steps to ensure that the data is protected. The article also states that under the General Data Protection Regulation (GDPR), coming into force next year, fines such as this one could be significantly higher.

Cyber is a ‘hot topic’ and we have issued several articles on this matter.

Whilst insurance is certainly available (the FCA is now showing an interest in firms that have not purchased such cover), there are several basic steps a firm can take, including training staff to spot possible attacks and help prevent them.

Measures such as not allowing downloads of screensavers or games, and restricting which websites staff can access, will go some way towards protecting your firm, but there is a lot more you can do.

Remember that if there is a data security or cyber breach, it is not just the ICO that needs to be told, but potentially the FCA as well.

The FCA has published guidance on the matter (https://www.fca.org.uk/firms/cyber-resilience), and we would urge all firms to undertake a review of their exposure, arrange regular testing, put in place staff training (see www.mydevelopment.zone for e-Learning courses), and ensure that such reviews/tests are updated on a regular basis.

Terence Clark

About the author

Terence has over 35 years' experience in the Financial Services environment, covering general insurance, investments and mortgages. Before joining RWA, Terence worked for a large PLC insurance brokerage in Manchester, overseeing some 20 acquisitions. He served as Compliance Director at RWA from 2011 to 2018 and has worked with insurance broking firms of all sizes across the UK. He has a particular interest in Financial Crime and in protecting the insurance broker. Terence previously served as Executive Chairman of the Association of Professional Compliance Consultants (APCC), the professional body for the compliance consultancy sector. He retired from RWA in 2019.
