© Copyright Acquisition International 2025 - All Rights Reserved.

Article Image - Law Firms and Cyber Security: The 4 Most Common Cyber Threats
Posted 28th September 2020

Law Firms and Cyber Security: The 4 Most Common Cyber Threats

Data breaches are becoming more prevalent and the legal sector is a favoured target and is falling victim to cyber-attacks at an alarming rate. Guy Lloyd at CySure explains the 4 most common cyber threats and why the legal sector should step up its focus on cybersecurity.

Mouse Scroll AnimationScroll to keep reading

Let us help promote your business to a wider following.

Law Firms and Cyber Security: The 4 Most Common Cyber Threats
legal data

Data breaches are becoming more prevalent and the legal sector is a favoured target and is falling victim to cyber-attacks at an alarming rate. Guy Lloyd at CySure explains the 4 most common cyber threats and why the legal sector should step up its focus on cyber security.

As data controllers, law firms handle significant volumes of confidential and sensitive information, as well as vast amounts of client funds as part of their daily work. The legal sector is increasingly reliant on technology to conduct its day to day activities. However, many law firms have been slow to put basic cyber security controls in place and as a result are falling victim to a range of malicious cyber activity. Post GDPR, legal firms cannot afford to be complacent about cyber threats. Breaches can affect a company’s stability and severely damage its reputation.

Cyber-attacks continue to occur despite the National Cyber Security Centre (NCSC) issuing its first legal threat report (i) in 2018 warning of the threats in the legal sector. At the time, it reported that £11 million of client money was stolen due to cyber-crime between 2016 and 2017. Today the statistics are even more alarming.

According to a 2019 report on fraud and cyber-crime vulnerabilities in the legal sector (ii), law firms in the UK remain susceptible to cyber attacks.
• 91% of firms are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails
• 80.5% of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers
• 21% of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure.

Therefore, what are the most significant cyber threats that law firms should be aware of?

Phishing – both indiscriminate trawling and line phishing

Phishing is the most common cyber-attack affecting law firms and is particularly prevalent in areas such as conveyancing. Phishing can target both law firms and their clients, with cyber actors spoofing a firm’s email address to make messages to clients more convincing. A poll of law firms showed that approximately 80% have reported phishing attempts (iii). Phishing is a relatively low cost/low tech attack but carries a high reward, making it a popular and lucrative method for cyber criminals.

Data Breaches – theft of data and hacking of client accounts

The loss of client information can have a devastating reputational impact on a sector that has confidentiality at the heart of its business. Data breaches can occur through theft of data and hacking of office or client accounts. However, law firms need to wise up to the risk of the insider threat – both accidental and malicious. The latter can come from an employee seeking financial gain or with a grievance against the firm. According to The Industry Security Forum, over half of all data breaches are caused by insiders (iv).

1. Ransomware – access denial

Ransomware is a type of malware that prevents the victim from accessing files or data on their computer or network until a ransom has been paid (v). Paying the ransom does not guarantee that you will get access to your data/device because attackers may assume that you would be open to paying ransoms in the future. Whilst ransomware is a problem for all businesses, the very nature of the work that law firms do makes them an especially vulnerable target. Many law firms are reluctant to believe they will ever be attacked in this way. However, this belief coupled with the low level of IT resources typically able to address security issues exposes law firms to widespread business disruption.

2. Supply chain disruption

Supply chain compromises are not unique to the legal sector but as a threat, they are increasing. A law firm’s supply chain can be compromised in several ways but the most common is a third party supplier failing to adequately secure the systems that hold a firms sensitive data. The increasing use of digital technologies to deliver legal services offers further avenues for exploitation. Before law firms can do anything to secure their supply chain, they need to understand the risks and have confidence in their third-party suppliers. It’s important for law firms to establish effective control and oversight of their suppliers and ensure they have basic cyber security controls in place.

Cyber security can no longer be an afterthought

It is time for the legal sector to take cyber security seriously. Failing to do so will only lead to devastating repercussions in the not-so-distant future. Make your firm a tougher target by becoming certified with Cyber Essentials. Cyber Essentials is a government and industry backed certification scheme. It sets out basic technical controls for organisations to use which are then annually assessed. It also lays the foundation to developing policies and procedures to mitigate against threats that can impact business operations. Being fully Cyber Essentials compliant is said to mitigate 80% of the risks faced by businesses such as phishing, malware infections, social engineering attacks and hacking. Using an online information security management system (ISMS) that incorporates GDPR and Cyber Essentials Plus is a simple and cost-effective way to carry out a gap analysis and highlight the areas that your business needs to focus on.

Educate employees

One of the most effective defences against cyber-crime is to help employees understand how attacks happen. It makes sense to train them to recognise spam and other phishing techniques, so they don’t get fooled into enabling a cyber-attack. In addition, ensure procedures are in place as to what should be done in the event of the worst happening.

Information management security systems such as CySure’s provides businesses with a staged approach to compliance and certification. Guided by CySure’s virtual online security officer (VOSO) firms have a low-cost way to proactively protect themselves against a whole range of the most common cyber-attacks. For more information visit CySure.

(i) NCSC
(ii) Kynd.io
(iii) Law Society research: online cybersecurity poll, June 2018 and i100 partners
(iv) Security Forum
(v) Lawyers defence Group

Categories: Legal


You Might Also Like
Read Full PostRead - Eye Icon
Redefining Business Advisory Services
News
26/07/2022Redefining Business Advisory Services

Recognising the clear, unmet need for a reliable one-stop shop for business, financial and professional services, Occams Advisory was founded in 2012 to provide complete solutions in the areas of Business Services and Growth Incubation (BSGI), Capital Markets

Read Full PostRead - Eye Icon
Kong Announces Launch of New Premium Technology Partner Programme to Enhance Developer Ecosystem
Innovation
17/09/2024Kong Announces Launch of New Premium Technology Partner Programme to Enhance Developer Ecosystem

Kong In, the leading developer of cloud API technologies, unveiled during the company’s annual API Summit, its new Premium Technology Partner Programme.

Read Full PostRead - Eye Icon
A Strong Footing in the Stock Market: Exploring Investment Strategies
Finance
10/03/2022A Strong Footing in the Stock Market: Exploring Investment Strategies

Standing at about $93 trillion, the stock market seemed primed for a next mega move that could thrust its valuation to over $100 trillion--or better. This is impressive, but what are the best strategies to become a part of this super wave?

Read Full PostRead - Eye Icon
BMW Group Achieves Best-ever March Sales
Strategy
14/04/2015BMW Group Achieves Best-ever March Sales

Deliveries of BMW Group vehicles in March reached a new high contributing to the company's best ever first quarter sales figures

Read Full PostRead - Eye Icon
SolarWinds Transforms Your Standard Operating Procedure to Proactive and Productive
News
21/10/2022SolarWinds Transforms Your Standard Operating Procedure to Proactive and Productive

Standard operating procedures (SOPs) are a part of every organization. SOPs are processes that outline the procedure of performing a task. SOPs allow companies to hire anyone with the right qualifications as they can do the job as long as they follow the stand

Read Full PostRead - Eye Icon
Offering True Customisation in Every Sense of the Word
Leadership
09/01/2020Offering True Customisation in Every Sense of the Word

RAK Ceramics is known for their wide product selection and ability to produce bespoke ranges for both small and large scale projects. Recently, the firm found success in AI’s Global Excellence Awards 2019 where they were selected as the World Leaders in Cera

Read Full PostRead - Eye Icon
Hillarys transforms contact centre operations with IPI
Finance
08/10/2019Hillarys transforms contact centre operations with IPI

Contact centre enhancements save £500K in first year, reduce attrition rates, boost customer experience and employee engagement as part of programme of digital transformation.

Read Full PostRead - Eye Icon
What Are the Top Industries to Invest in for 2021?
Finance
15/07/2021What Are the Top Industries to Invest in for 2021?

The business world has been radically changed over the past year. What were originally projected to be prosperous industries have now fallen from grace, whilst other business sectors have unexpectedly risen from the ashes (hand sanitiser, anyone?). As well as

Read Full PostRead - Eye Icon
State-Of-The-Science Environmental IT Solutions
Innovation
16/10/2019State-Of-The-Science Environmental IT Solutions

Having recently been recognized by AI as the Best Specialist Environmental Software Solutions Firm 2019 – Ontario, we profiled Lakes Software and caught up with the firm’s Bryan Matthews (US Operations Manager) who provided us with a glimpse into the inner



Our Trusted Brands

Acquisition International is a flagship brand of AI Global Media. AI Global Media is a B2B enterprise and are committed to creating engaging content allowing businesses to market their services to a larger global audience. We have a number of unique brands, each of which serves a specific industry or region. Each brand covers the latest news in its sector and publishes a digital magazine and newsletter which is read by a global audience.

Arrow