What are the consequences of a cyber attack, and how do organisations recover?
Describe the consequences of cyber attacks and data loss for individuals and organisations, and explain how backups and business continuity support recovery.
A focused answer to the WJEC GCSE Digital Technology content on the consequences of cyber attacks and data loss, and how organisations recover through backups, disaster recovery and business continuity planning.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
WJEC asks you to describe what actually happens to individuals and organisations when a cyber attack or data loss occurs, and how organisations plan to recover and keep running. The exam form is "describe the consequences of X" or "explain how backups/planning help recovery", so you need a range of distinct consequences and a clear account of recovery measures.
Consequences for organisations
An attack hurts a business in several distinct ways.
Consequences for individuals
People whose data is exposed face real harm too.
Backups and recovery
Backups are the key to recovering lost or encrypted data.
Disaster recovery and business continuity
Planning ahead lets an organisation keep running.
Reasoning through an incident
The exam rewards applying consequences and recovery to a case.
Why this matters
Understanding consequences explains why cyber security matters so much: attacks are not just technical nuisances but cause real financial, legal and personal harm. It justifies the protection methods in the previous dot point and the legal duties in the next one, and it shows why backups are one of the most important defences, because they turn a potential disaster into a recoverable incident. Business continuity thinking is exactly how real organisations prepare for the worst.
Exam-style practice questions
Practice questions written in the style of WJEC exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
WJEC-style4 marksAn online retailer suffers a cyber attack in which customer data is stolen. Describe the possible consequences of this attack for the business.Show worked answer →
Financial consequences: the business may lose money through the cost of investigating and fixing the breach, possible fines for failing to protect personal data, and lost sales while systems are down.
Reputational consequences: customers may lose trust and take their business elsewhere, damaging the company's reputation, especially if the breach becomes public.
Legal consequences: the business could face legal action and penalties for breaching data protection law by not keeping personal data secure.
Operational consequences: services may be disrupted while systems are restored, so the business cannot trade normally.
Markers award one mark for each distinct, relevant consequence (financial, reputational, legal, operational), up to four marks. Strong answers link the consequence to the stolen customer data.
WJEC-style3 marksExplain how regular backups help an organisation recover from a ransomware attack.Show worked answer →
A backup is a separate copy of the organisation's data kept so it can be restored if the original is lost or made unusable.
In a ransomware attack the attacker encrypts the organisation's files and demands payment; if recent backups exist, the organisation can restore its data from them instead of paying the ransom.
This lets the organisation get back to normal operation quickly and avoids losing the data, provided the backups are recent and kept safely (for example off-site or offline so the ransomware cannot reach them too).
Markers award one mark for what a backup is, one for restoring from it instead of paying, and one for the benefit (quick recovery / no data loss) or the condition that backups must be recent and safely kept.
Related dot points
- Describe the main cyber threats (malware, phishing, social engineering, hacking, denial-of-service) and the vulnerabilities that attackers exploit.
A focused answer to the WJEC GCSE Digital Technology content on cyber threats, covering malware, phishing, social engineering, hacking and denial-of-service attacks, and the vulnerabilities that attackers exploit.
- Describe technical and behavioural methods of protecting systems and data, including passwords, firewalls, antivirus, encryption, updates and user training.
A focused answer to the WJEC GCSE Digital Technology content on protecting systems and data, covering passwords, two-step verification, firewalls, antivirus, encryption, software updates, backups, access rights and user training.
- Describe the main laws affecting digital technology (data protection, the Computer Misuse Act and copyright law) and explain the duties and offences each defines.
A focused answer to the WJEC GCSE Digital Technology content on legislation, covering data protection law, the Computer Misuse Act and copyright law, with the rights, duties and offences each one defines.
- Describe the purpose of utility software and the function of common utilities such as antivirus, backup, compression and disk maintenance tools.
A focused answer to the WJEC GCSE Digital Technology content on utility software, covering its purpose and the function of common utilities: antivirus, firewall, backup, file compression and disk maintenance tools.
- Describe the stages of the systems development life cycle (analysis, design, development, testing, implementation and evaluation/maintenance) and explain why a structured process is used.
A focused answer to the WJEC GCSE Digital Technology content on the systems development life cycle, covering the stages from analysis to evaluation and maintenance and why a structured development process is used.
Sources & how we know this
- WJEC GCSE Digital Technology specification — WJEC (2021)
- WJEC GCSE Digital Technology Unit 1 guide — WJEC (2020)