Data protection hacking likely to hit SMEs harder

January 13, 2016 @ 12:13 by Alison Cowie

Specialist data protection and cyber-security lawyers warn that SMEs could suffer disproportionately due to a malicious data protection leak

Law firm Moore Blatch recently carried out research amongst SMEs which shows that 76 per cent of the companies surveyed are concerned about cyber-security, with 17 per cent having experienced a cyber-attack.

However, the issue for SMEs could be far worse financially due to the often more personal relationship that they have with their customers and the less utility-based products and services they provide, compared to larger businesses.

The key issue is that, while hackers are most interested in financial information, new legislation allows a customer to seek financial recompense for the distress caused by the loss of all their data, which for many people might mean that the financial data loss could be a secondary issue compared to their purchasing behaviour. The legislation follows the recent Google Inc. v Vidal-Hall case where it is was agreed that claims can now also be made for emotional distress caused by a breach of the Data Protection Act 1998, even though no financial loss has been suffered

For example, while a gas company may hold the same financial details as an SME, the loss of the product details, i.e. that you are a gas user, is unlikely to cause distress. An insurance broker, on the other hand, might lose details of your classic car or fine art collection with the same principle applying across many business types.

Financial loss because of reputational damage, and loss of trust are also likely to hit SMEs harder as, for many, this is one of their key trading propositions..

Paul Whitaker, partner, Moore Blatch, said: “The most commonly discussed financial cost relating to a cyber-attack and loss of data is the potential fine from the Information Office Commissioner. But, while this should not be ignored, the real financial issues for many SMEs lie elsewhere, as the loss of the client’s relationship and details about products and services lost could cause far greater emotional stress. Therefore, if an SME is hacked or loses client data, the claim for emotional distress could be far higher.”