What should self-employed do after a hacker attack?

Which types of businesses are most at risk from cyberattacks?

Cybercrime is no longer just a problem for large corporations. It increasingly affects small businesses and self-employed professionals as well. According to the Cyber Activity Balance 2024: The European Union in Focus report, cyber-criminal activity across the EU rose by around 16 percent compared with the previous year.

The most common forms of attack include ransomware extortion, phishing campaigns and supply-chain attacks, in which hackers gain access to client systems via service providers or software updates. Businesses that handle customer data, use cloud services or manage their IT security on the side are particularly vulnerable – in other words, almost everyone.

Small businesses in particular often underestimate the risk: a single compromised email account or an infected web server can be enough to halt projects or expose sensitive customer data. The consequences range from business interruption and reputational damage to third-party claims for compensation.

To stop this from happening in the first place, businesses should understand how hackers operate and which immediate measures help — the next section explains this.

How does a hacker attack work – and what methods do cybercriminals use?

Cybercriminals now operate at a highly professional level. They employ automated tools, AI-powered phishing emails and carry out targeted supply-chain attacks. Many breaches go undetected until it’s too late. Understanding how attackers operate helps you spot and prevent incidents.

What happens during a ransomware attack?

In a ransomware attack, criminals infiltrate a system with malicious software, encrypt files and demand a ransom – usually in cryptocurrency. The attack often begins with a phishing email or by exploiting a vulnerability in software or remote access points.

Even more malicious: the attackers may also threaten to publish sensitive data if the ransom isn’t paid – a tactic known as double extortion. And even when victims comply, data loss and costly recovery efforts are often unavoidable.

An IT service provider found out how severe a ransomware attack can be in this case: a consulting firm had entrusted its IT environment to an external partner. Through an intern’s terminal desktop, a crypto-trojan entered the system undetected — around 60,000 files were encrypted. The consulting firm sought over €900,000 in damages from the provider. Read how it was resolved here: Ransomware: A Damage Event Involving a Virus and Inadequate Protection.

How does phishing work – and why do people fall for it?

In phishing scams, criminals try to obtain passwords or payment details — often through emails or websites that look deceptively genuine. AI tools now make these messages even more convincing: artificial intelligence generates realistic logos, ensures perfect spelling and even imitates familiar writing styles.

Keep the following tips in mind:

• Maintain a healthy level of scepticism.
• Always verify the sender’s address.
• Never click on links in emails without checking them first.
• Enable multi-factor authentication wherever possible.

A classic example in this area is the fake president trick. In this case, a criminal posed as the company’s CEO to trick employees into transferring money. You can read the full story here: The Fake President Trick: When Scammers Pretend to Be the CEO.

What happens during a supply-chain attack?

In a supply-chain attack, hackers tamper with software updates, cloud services or third-party interfaces. This way, multiple companies can be infected at once. A prominent example is the Kaseya incident: hundreds of firms were encrypted via compromised remote-management software. For businesses that handle client data or rely on third-party tools, this type of attack is especially dangerous — a single compromised access point can put projects and contracts at risk.

• Reduce your exposure with these measures:
• Install software only from trusted sources.
• Enable automatic updates.
• Regularly review which services have access to which data.

Anyone who falls victim to a cyberattack must act fast. In the next section, we explain what immediate steps to take when a hacker attack occurs — and how to limit the damage.

What should you do if you become a victim of a hacker attack?

In the event of a cyberattack, panic is the worst possible response. With the right immediate actions, however, you can contain the damage. The key is to act quickly and follow a clear, systematic plan.

1. Stay calm and isolate affected systems

Disconnect infected devices from the network immediately (LAN/Wi-Fi, external drives, cloud sync). This prevents the malware from spreading further.

2. Preserve evidence
Take screenshots, save log files, and keep any suspicious emails or files. This information will help IT forensics experts and your insurer analyse the incident.

3. Call in experts / report the incident

Contact your IT support team or a specialised IT forensics expert. If you have the Add-on for First-Party Cyber and Data Risks Insurance (FPC) notify your insurer immediately. If you’re insured with exali, professional assistance is available to you right away.

4. Inform clients and partners
If customer data is affected, companies are legally required under the GDPR to notify those impacted. Communicate openly and transparently — don’t try to hide the incident, but demonstrate that you’re taking action

5. Secure access and change passwords
Change all login credentials — including email, cloud, and online banking accounts. Activate multi-factor authentication to prevent renewed unauthorised access.

Which insurance coverage really protects against cyberattacks?

Many business owners ask themselves: do I really need separate protection against cyber losses if I already have a Professional Indemnity Insurance policy?

The answer depends on which types of damage you want to cover. The key distinction is between third-party losses and own (first-party) losses.

What does the Professional Indemnity Insurance with FPC cover?

The exali Professional Indemnity Insurance includes two levels of protection as standard:

• Cover for third-party losses, and
• the optionally extendable First-Party Cyber and Data Risks Insurance (FPC).

Third-party losses: these are damages suffered by your clients or business partners as a result of an attack on your system.

For example, you might accidentally send an infected file, or your website could be hacked and spread malicious software.

→ In such cases, the Professional Indemnity Insurance automatically steps in to assess, defend, or settle any legitimate claims for compensation.

First-Party Cyber and Data Risks Insurance (FPC): This extension applies when you are directly affected — for example, by data loss, a ransomware attack, or the publication of confidential information.

It covers, among other things:

• IT forensics, data recovery and restoration costs
• crisis communication and legal advice (e.g. GDPR notifications)

This additional cover is ideal for anyone who already has a Professional Indemnity Insurance and wants to secure their cyber risks without taking out an extra contract.

How can you protect your business from future hacker attacks?

Cyberattacks are no longer the exception — they’re part of everyday business life, even for freelancers and small companies. The key is to be prepared: use strong passwords, make regular backups and have protection in place that works when a crisis hits.

With exali’s Professional Indemnity Insurance, cyber third-party losses are automatically included. Those who also want to protect their own systems and data can simply add the First-Party Cyber and Data Risks Insurance (FPC).

That way, you’re fully protected and free to focus on what really matters — your business.