What to do after a cyber-attack

Knowing what to do after a cyber-attack will help you protect your firm’s systems from further damage or loss, and your clients’ data from being compromised.

This guide explains how to:

  • limit damage to systems and data
  • comply with regulations

If personal data is lost, you’ll need to know what to do under the UK General Data Protection Regulation (GDPR).

You may need to tell the Solicitors Regulation Authority, and your clients if their data is affected.

You should know what to expect from your professional indemnity insurance and cyber insurance.

Be aware of what client information you can give to your insurers. You should also know what you can tell your clients and other parties about your insurers.

More information and guidance