As the Scottish schools begin to break up and holidays begin, many organisations move to a slower pace over summer. Unfortunately, cyber attacks don't take a break.

The growing risk of a cyber incident means it is an issue that should remain on every organisation’s radar even as holidays (and hopefully some summer sun) appear on the horizon.


Cyber crime can include hacking, phishing, or using malicious software, which are deployed to access data – this usually leads to financial loss for an organisation, and gain for the threat actor. Recent statistics released in Scotland show that, in 2023-24, an estimated 16,910 cyber-crimes were recorded by the police in Scotland – this represents an increase of over 9,000 (over 200%) from the pre-pandemic rate recorded in 2019-2020.We always recommend that affected organisations report a cyber incident to, and engage with, the appropriate agencies. However, cyber attacks are often not reported to the police, so the real cyber-crimes figures are likely much higher.

Threats can come from organised groups, with specific targets, as well as more generic attacks. Targeted attacks are not uncommon, and nation state actors may sometimes be responsible for these types of attack. Earlier this year the UK Government called out threat actors associated with China for carrying out malicious cyber activities, targeting UK institutions and individuals.

Often when organisations think of cyber attacks the first thought is data breaches and the risks that come with unauthorised access to personal data, often in the form of ransomware attacks. However, another risk for organisations impacted by a cyber attack, targeted or otherwise, is the risk of inability to access systems, otherwise known as ‘denial of service’. Over the summer key events, such as the general election, the Euros and the Olympics, can generate interest, exposure, opportunities and income for organisations. A well-timed cyber attack could compromise the provision of key services, resulting in significant loss and reputational damage. Being unable to provide business as usual services, also brings a risk of being in contractual breach, with knock-on legal and financial exposure.

There are a number of steps that organisations can take now to mitigate and prevent the impact of cyber crime on their operations. These include knowing the organisational “crown jewels” and how these are protected as an important first step to maintaining business and usual services in the event of a cyber attack. Having a stress-tested incident response plan can help a business respond quickly to any incident and mitigate the impact on services, preventing a full denial of service.

Burness Paull’s leading cyber security, data protection and group litigation experts have significant experience in managing cyber security risks and best practices. Our team are on hand to support you on your cyber resilience journey, from implementing protective measures to handling a full-scale incident. Please get in touch with any of our team to discuss your needs.

Written by

Nick Warrillow

Nick Warrillow

Director

Dispute Resolution

nick.warrillow@burnesspaull.com 0131 473 6115

Get in touch

Related News, Insights & Events

RISK HORIZON SCAN 2025

Risk horizon scan: 2025

January is the optimal time for businesses to review risk registers against management plans and goals for the next 12 months.

Read more
The Scottish Law Commission’S Proposed Changes To The Law Of Personal Injury Damages In Scotland

The Scottish Law Commission’s proposed changes to the law of personal injury damages in Scotland

A look at the SLC’s recommended reforms which, if implemented, will represent one of the biggest changes in Scots law in personal injury law for decades.

Read more
Costs In Personal Injury Claims Where Are We Now

Costs in personal injury claims – Where are we now?

From inflationary increases and complexity based uplifts in claimant costs to QOCS, the cost of litigation in defending people claims has increased in Scotland.

Read more

Want to hear more from us?

Subscribe here