Cyber-Attacks – Does Your Business Have an HR Plan? Part 2 

6th October 2025
back to legal update

In this article

    Share this article

    In the second instalment of our Legal Update on cyber-attacks, we take a look at three more things your business may want to think about in a cyber-attack HR plan. You can access part one of the series here.

    Handling communications 

    If the worst does happen and there is a successful cyber-attack in your business communication will be extremely important. From an HR perspective, depending on what the hack involves, e.g theft of employee information, business disruption, etc, it could be a worrying time for employees. It will be important to think about how communications will be handled and by whom to help make sure it is done effectively and appropriately. 

    At what is likely to be a difficult and stressful time, it’s important that communication with employees, where needed, isn’t overlooked. Remember, if there are any HR issues, such as a lack of work for employees, the need for temporary redeployment, etc., we are here to help so please do get in touch for specific advice before acting.

    Dealing with suspected employee misconduct

    If an employee is suspected of wrongdoing in connection with a cyber-attack, for example, there are concerns they may have breached your IT policy or have been complicit with the hackers, it will be important to deal with the matter appropriately. In the event of a cyber-attack, there will be a lot for the business to deal with, and it can be all too easy for a misstep to be made when handling a potential conduct issue. As part of your HR action plan, you may wish to make sure that the appropriate people in your business have an awareness of how to handle disciplinary matters, in particular:

    • They should check the employee’s length of service. If they have less than two years’ service, it may be possible to dismiss them more quickly and easily than would usually be the case. This is because currently, two years’ service is required for an ordinary unfair dismissal complaint. That said, it’s important to seek advice on the facts of the case before acting, not only because there are some claims that employees can bring that don’t require any minimum length of service, but also because calculating an employee’s length of service is not always straightforward, and it’s important not to get caught out.
    • They should think carefully if they are considering suspending an employee. Suspension can be appropriate if the seriousness of the alleged misconduct merits it and it is a reasonable step to take in the circumstances. Bear in mind, suspension will usually be on full pay and is not considered to be ‘a neutral act’, so it’s important to get it right and handle the situation carefully. Before suspending an employee, get in touch to discuss the situation you are dealing with. 
    • Dealing with a conduct issue where an employee has two years’ service or more will in outline, usually involve carrying out a full and thorough investigation. Where there is sufficient evidence to merit it, inviting an employee in writing to attend a disciplinary hearing (setting out the allegation/s against them and providing the evidence at the same time), holding the hearing and afterwards giving a written outcome and right of appeal. Where the situation involves potential criminal conduct / an ongoing police investigation, there can be additional matters to consider.

    Remember, we are here to provide advice and support in relation to any potential employee conduct issue, so please do get in touch. We can help to lighten the load at what is likely to be a stressful and challenging time. We can provide practical business-focused HR advice to help you deal with the issue your business is facing, as well as saving you time by supporting you with matters such as drafting a disciplinary invitation. 

    Managing the HR aspects of serious disruption to your business 

    Businesses can often experience disruption in the wake of a cyber-attack; in some cases, this can be serious, for example, Jaguar Land Rover had to shut down production.  This has not only affected that business but also its supply chain.

    If your business is directly or indirectly affected by a cyber-attack which negatively impacts the amount of work available for employees, having an awareness of ‘short time working’ and lay-off, and the rules around this may help your business to navigate a challenging period.

    In brief, lay-off refers to the temporary suspension of work and normal pay for employees, with the employment relationship otherwise remaining intact. Short time working means employees continue to work, but on reduced hours, receiving reduced pay that is adjusted to reflect the hours actually worked. It’s important to bear in mind that to safely implement lay-offs or short-time working, a business will usually need to have an appropriate clause in its contracts of employment. You can find out more about lay-offs and short time working here.

    Need help with HR issues in your business? Please don’t hesitate to get in touch.

    Need HR Backup During a Cyber Incident?

    At Kingfisher, we step in fast with clear staff-comms scripts, fair misconduct processes and pragmatic workforce options (redeployment, short-time/lay-off) so you stabilise operations and protect your people. If part two resonated, let us tailor a response plan and equip your managers with ready-to-use templates today.
    Get Immediate HR Support