Home
About Us
Our StoryContact UsAdvertise With UsOur Media PackOur Team
Latest News
Corporate Social ResponsibilityCATEGORYFinanceCATEGORYInnovationCATEGORYLeadershipCATEGORYLegalCATEGORYM&ACATEGORYStrategyCATEGORYTechnologyCATEGORYView All Articles
Issues (Magazine)
August 2025LATESTJuly 2025June 2025View All Publications
Our Awards
Current AwardsArchived AwardsRecent Winners
SubscribeFREE

© Copyright Acquisition International 2025 - All Rights Reserved.

Article Image - Law Firms and Cyber Security: The 4 Most Common Cyber Threats
Posted 28th September 2020

Law Firms and Cyber Security: The 4 Most Common Cyber Threats

Data breaches are becoming more prevalent and the legal sector is a favoured target and is falling victim to cyber-attacks at an alarming rate. Guy Lloyd at CySure explains the 4 most common cyber threats and why the legal sector should step up its focus on cybersecurity.

Mouse Scroll AnimationScroll to keep reading
Let us help promote your business to a wider following.
Chat To Sales See Our Awards

Home » News » Legal » Law Firms and Cyber Security: The 4 Most Common Cyber Threats

Law Firms and Cyber Security: The 4 Most Common Cyber Threats
legal data

Data breaches are becoming more prevalent and the legal sector is a favoured target and is falling victim to cyber-attacks at an alarming rate. Guy Lloyd at CySure explains the 4 most common cyber threats and why the legal sector should step up its focus on cyber security.

As data controllers, law firms handle significant volumes of confidential and sensitive information, as well as vast amounts of client funds as part of their daily work. The legal sector is increasingly reliant on technology to conduct its day to day activities. However, many law firms have been slow to put basic cyber security controls in place and as a result are falling victim to a range of malicious cyber activity. Post GDPR, legal firms cannot afford to be complacent about cyber threats. Breaches can affect a company’s stability and severely damage its reputation.

Cyber-attacks continue to occur despite the National Cyber Security Centre (NCSC) issuing its first legal threat report (i) in 2018 warning of the threats in the legal sector. At the time, it reported that £11 million of client money was stolen due to cyber-crime between 2016 and 2017. Today the statistics are even more alarming.

According to a 2019 report on fraud and cyber-crime vulnerabilities in the legal sector (ii), law firms in the UK remain susceptible to cyber attacks.
• 91% of firms are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails
• 80.5% of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers
• 21% of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure.

Therefore, what are the most significant cyber threats that law firms should be aware of?

Phishing – both indiscriminate trawling and line phishing

Phishing is the most common cyber-attack affecting law firms and is particularly prevalent in areas such as conveyancing. Phishing can target both law firms and their clients, with cyber actors spoofing a firm’s email address to make messages to clients more convincing. A poll of law firms showed that approximately 80% have reported phishing attempts (iii). Phishing is a relatively low cost/low tech attack but carries a high reward, making it a popular and lucrative method for cyber criminals.

Data Breaches – theft of data and hacking of client accounts

The loss of client information can have a devastating reputational impact on a sector that has confidentiality at the heart of its business. Data breaches can occur through theft of data and hacking of office or client accounts. However, law firms need to wise up to the risk of the insider threat – both accidental and malicious. The latter can come from an employee seeking financial gain or with a grievance against the firm. According to The Industry Security Forum, over half of all data breaches are caused by insiders (iv).

1. Ransomware – access denial

Ransomware is a type of malware that prevents the victim from accessing files or data on their computer or network until a ransom has been paid (v). Paying the ransom does not guarantee that you will get access to your data/device because attackers may assume that you would be open to paying ransoms in the future. Whilst ransomware is a problem for all businesses, the very nature of the work that law firms do makes them an especially vulnerable target. Many law firms are reluctant to believe they will ever be attacked in this way. However, this belief coupled with the low level of IT resources typically able to address security issues exposes law firms to widespread business disruption.

2. Supply chain disruption

Supply chain compromises are not unique to the legal sector but as a threat, they are increasing. A law firm’s supply chain can be compromised in several ways but the most common is a third party supplier failing to adequately secure the systems that hold a firms sensitive data. The increasing use of digital technologies to deliver legal services offers further avenues for exploitation. Before law firms can do anything to secure their supply chain, they need to understand the risks and have confidence in their third-party suppliers. It’s important for law firms to establish effective control and oversight of their suppliers and ensure they have basic cyber security controls in place.

Cyber security can no longer be an afterthought

It is time for the legal sector to take cyber security seriously. Failing to do so will only lead to devastating repercussions in the not-so-distant future. Make your firm a tougher target by becoming certified with Cyber Essentials. Cyber Essentials is a government and industry backed certification scheme. It sets out basic technical controls for organisations to use which are then annually assessed. It also lays the foundation to developing policies and procedures to mitigate against threats that can impact business operations. Being fully Cyber Essentials compliant is said to mitigate 80% of the risks faced by businesses such as phishing, malware infections, social engineering attacks and hacking. Using an online information security management system (ISMS) that incorporates GDPR and Cyber Essentials Plus is a simple and cost-effective way to carry out a gap analysis and highlight the areas that your business needs to focus on.

Educate employees

One of the most effective defences against cyber-crime is to help employees understand how attacks happen. It makes sense to train them to recognise spam and other phishing techniques, so they don’t get fooled into enabling a cyber-attack. In addition, ensure procedures are in place as to what should be done in the event of the worst happening.

Information management security systems such as CySure’s provides businesses with a staged approach to compliance and certification. Guided by CySure’s virtual online security officer (VOSO) firms have a low-cost way to proactively protect themselves against a whole range of the most common cyber-attacks. For more information visit CySure.

(i) NCSC
(ii) Kynd.io
(iii) Law Society research: online cybersecurity poll, June 2018 and i100 partners
(iv) Security Forum
(v) Lawyers defence Group

Categories: Legal

Sidebar Image - Our Awards
Our Awards

Discover our award winners and nominate businesses you know deserve recognition!

View Our Awards
Sidebar Image - Our Issues
Our Issues

Keep up to date with industry leading news, and key business features.

View Our Issues
You Might Also Like
Read Full PostRead - Eye Icon
DWF Advise Capita’s Acquisition of Pervasive NetworksLegal
30/07/2015DWF Advise Capita’s Acquisition of Pervasive Networks

DWF Advise Capita's Acquisition of Pervasive Networks

Read Full PostRead - Eye Icon
4 Tech Pitfalls to Avoid When Launching a StartupNews
31/01/20224 Tech Pitfalls to Avoid When Launching a Startup

Starting a business can be an effective way to boost your finances. It allows you to be innovative by thinking of marketing strategies to promote your business and succeed financially. That’s why you see most young professionals turn to entrepreneurship inst

Read Full PostRead - Eye Icon
Business Beyond the Bottom Line: A New Era of EnterpriseNews
12/08/2024Business Beyond the Bottom Line: A New Era of Enterprise

Business Beyond the Bottom Line: A New Era of Enterprise Picture credit A paradigm shift is underway in the rapidly evolving landscape of modern business. Companies are increasingly recognizing that success is not solely defined by financial metrics but by a b

Read Full PostRead - Eye Icon
Next-Gen Shopping App Introduces Aisle Sat-Nav, Facial Age-Verification, Queue-Less and Till-Less Checkout To The High StreetInnovation
11/03/2020Next-Gen Shopping App Introduces Aisle Sat-Nav, Facial Age-Verification, Queue-Less and Till-Less Checkout To The High Street

Ubamarket is the only tech of its kind to increase purchases and secure more footfall for high street retailers. This is a much-needed solution amidst the decline of the UK retail industry following the rise of e-commerce, which has seen large quantities of cu

Read Full PostRead - Eye Icon
New Research Reveals Discrepancy Between Public and Business EthicsFinance
08/06/2015New Research Reveals Discrepancy Between Public and Business Ethics

New research reveals 70% of people want to invest ethically but the financial services industry is failing to respond

Read Full PostRead - Eye Icon
Why More Female Founders Are Turning to Crowdfunding and Tips from a Female Founder on How to Raise FundsLeadership
13/12/2022Why More Female Founders Are Turning to Crowdfunding and Tips from a Female Founder on How to Raise Funds

It’s widely reported that female founded businesses get less funding than male, and while venture capital boomed in 2021, women-led start-ups didn’t reap the benefits. Research from the European Investment Bank revealed that female entrepreneurs secured on

Read Full PostRead - Eye Icon
Sharing Key Messages Across the Global CommunityInnovation
01/11/2016Sharing Key Messages Across the Global Community

Cisco build and creates the protocols that run the internet, and is involved in software service, the Cloud and Internet of Things.

Read Full PostRead - Eye Icon
Remote Working and Cybersecurity – Increasing Threats and What Businesses Can Do About ItNews
01/07/2021Remote Working and Cybersecurity – Increasing Threats and What Businesses Can Do About It

The pandemic-fuelled shift to remote working has been a necessary adaptation to the world of work, helping us maintain social distancing and ultimately slow the spread of COVID-19.

Read Full PostRead - Eye Icon
The Pros & Cons of Employee Stock Ownership PlansFinance
02/03/2016The Pros & Cons of Employee Stock Ownership Plans

An Employee Stock Ownership Plan and Trust (ESOP) can produce greater commitment and productivity from employees and, in turn, greater fair market value of a corporation, provided that employees understand how their work affects the creation of such value.

View More Articles
Advert banner - ACQ - Global CFO Excellence Awards 2025 AD
Our Trusted Brands

Acquisition International is a flagship brand of AI Global Media. AI Global Media is a B2B enterprise and are committed to creating engaging content allowing businesses to market their services to a larger global audience. We have a number of unique brands, each of which serves a specific industry or region. Each brand covers the latest news in its sector and publishes a digital magazine and newsletter which is read by a global audience.

CEO Monthly
BUILD Magazine
SME News
Wealth & Finance International
EU Business News
MEA Markets
Corporate Vision
APAC Insider
GHP News

MORE BRANDS

Arrow
ECAHLIGerson Lehrman Group (GLG)Launch Africa VenturesVantage Tax & Business ServicesDSA KalmanAnalytics & AI Association of the PhilippinesCYECEKLTExtremis Publishing Ltd.Diplomatic CoalitionDr Ger Graus OBE Consulting LtdCADESS.AIZombietrail StadenRCT Heart HeroesEqual GoalsEstonian Virtual and Augmented Reality AssociationThe Neurodiversity AcademyCadef CameroonSweet Life Diabetes CommunityCities & CollaborationTransgender Equality Hong Kong,The Balnaves FoundationVERITAS Professional ServicesSilbaBottom UpTDG Furniture ExchangeMovement 4 HealthRestart AfricaCrossing Point Investment Management LtdPolarstepsWildlife Forensic AcademyPrivalgoCommunity Libraries NetworkCool Beans Underwear Pty LtdFORRT