Cyberattack notification 

Following a cyberattack on Southern Water, many have received a letter informing them that their data may have been stolen. Southern Water has reportedly had to inform 5-10% of its customers, alongside current and former employees, about the data breach. The affected data includes personal details such as names, contact information, national insurance numbers, dates of birth, and banking information. 

Immediate actions and short-term response 

In response to the cyberattack, Southern Water has taken immediate steps by engaging leading cybersecurity experts to monitor potential data misuse on the dark web and coordinating with police, the Information Commissioner’s Office, government bodies, regulators, and the National Cyber Security Centre. They promise diligent monitoring for as long as necessary. 

Medium-term measures 

To mitigate the impact, Southern Water is offering free Experian credit monitoring for 12 months to detect and prevent fraudulent use of personal information. The company will continue to collaborate with regulators to investigate the breach’s origins and address potential regulatory consequences. 

Long-term implications 

The cyberattack exacerbates the already challenging reputational issues facing UK water authorities. Despite potential cybersecurity measures, convincing customers of their effectiveness remains difficult. The breach underscores the industry’s likely need for enhanced security practices. 

Financial consequences 

Cyberattacks pose significant financial burdens, often greatly surpassing the costs of preventive cybersecurity measures. Southern Water faces expenses related to expert assistance, credit monitoring, ongoing data protection, customer communication, and administrative tasks. This incident adds to the financial pressure on water companies who already need to invest in infrastructure and service improvements. Taking more money out of the business will potentially negatively impact the service to customers. 

Perspective and recommendations 

While it’s premature to pass judgment on Southern Water’s data protection efforts, the incident highlights the pervasive impact of cyberattacks. Businesses and individuals must prioritise cybersecurity, allocating resources, establishing robust processes, and encouraging awareness to reduce risks.  

As business leaders and domestic users we need to take cybersecurity seriously, making it a priority at work and at home. From a business perspective we need to ensure cybersecurity is placed high on the agenda across the business, ensuring significant budget is allocated, processes developed and maintained, and staff training programmes regularly provided. At home we need to manage our passwords carefully, turn on Multi-Factor Authentication, ensure we have cybersecurity in place and stay vigilant when clicking on emails (and opening letters, and answering the phone)… 

For those concerned about cybersecurity, proactive engagement is crucial. Staying informed and consulting with cybersecurity specialists can provide valuable insights and strategies to protect against such vulnerabilities. 

This stuff isn’t easy unfortunately. We’d all like to be concentrating on something else. But when we see attacks like the one on Southern Water it highlights how we all need to take cybersecurity seriously. We keep our finger on the cybersecurity pulse by constantly learning about threats, mixing with other likeminded cyber specialists and following our own advice. If you are concerned about cybersecurity please do get in touch – don’t wait until it’s too late.