Taken From: http://www.legalrss.uk/

← Back

Law Firms Prime Targets for Hackers

digital pathwaysThe legal sector is an especially attractive target for cyber criminals due to the wealth of sensitive information held by law firms.

Patent data, merger and acquisition information, negotiation information, and protected witness information are just some examples of sensitive commercial data and intellectual property that are highly desirable to cyber criminals, hacktivists, and state-sponsored parties and it is easy to see why legal firms are rich with opportunity for these groups.


Financial loss is rarely the most detrimental issue for businesses where cyber attacks are concerned. Trust is integral to the operation of the legal sector and a successful cyber-attack has the potential to cause long-term reputational damage, with severe implications for the future of that firm.


Legal Week’s Benchmark study, entitled ‘Locked Down?’, in association with Stroz Friedberg, highlights some of the issues that make the legal sector more vulnerable to cyber-attacks than other industries:


Non-lawyers are far more likely (52%) than law firms (35%) to have a response plan in place for cyber-attacks
Respondents from the legal sector are less likely (35%) to include external cyber security experts than non-lawyers (53%) in their attack contingency planning


Less than a third (31%) of people working in law firms believe that their top management fully understand the issues around cyber security, compared to 36% outside the law



Law firms fall behind the rest of the commercial world in terms of estimating the implications of a cyber-attack. Only 9% have worked out potential costs, compared to 26% in businesses outside the legal sector.



Colin Tankard, Managing Director of data security company Digital Pathways, says, ‘All sectors of business should pay more attention to cyber security but law firms, in particular, are being targeted as cyber criminals recognise the wealth of valuable information they handle and store’.


In the past, the responsibility for managing cyber security has sat solely with the IT team. Whilst technology is a key factor in ensuring on-going protection, there is an important role to be played by employees, processes, and organisational culture in protecting against cyber threats. When security is a shared responsibility across an organization, and staff are empowered with knowledge, the ability to avoid a breach, and detect a compromise more quickly, is increased.


According to the latest ISO Survey, there was a 17.6% growth in the number of ISO 27001 certificates in the UK last year. This certification is an internationally recognised cyber secure status, and is reassuring for potential and current clients. Many leading law firms have already achieved certification to the Standard as a means of proving their commitment to securing their clients’ data.


Adds Tankard, ‘Rather than being an inconvenience, or a significant cost that will not provide a return on investment, information security and protection of client data is, increasingly, seen as a key differentiator. In a world where contracts are won and lost based on very small margins, each differentiator counts.


‘Neither should we forget that the General Data Protection Regulations (GDPR) will come into force in May 2018.  This piece of European legistlation (which the ICO have confirmed they will adopt post Brexit) will fine Partners of firms where data has been lost and where is can be shown that the data was not adequately secured. These fines can be as much as 4% of annual global turnover, or €20 million depending on which is greater.’


The threat to the cyber landscape is ever changing. The legal sector, as with all businesses, need to give cyber security their full attention in order to protect their clients and their own interests, whilst attracting new business.


Contact us for more information

← Back

Contact Us



Division of:

Best Practice Online Ltd
9 Howell Rd

+44 (0)1392 423607