SC Insights | Cyber security readiness for law firms: part iii

As firms opt for a more permanent split between homebased and office working, will recognition of the responsibility to provide adequate protection for information assets keep pace with the rate at which legal is exploring new environments in pursuit of greater market share?

In this series we’ve looked back at the outputs and opinions shared in Frontiers 2021: Legal IT Landscapes, published in the spring. Back then, firms were expressing enthusiasm to sustain new working practices that relied on rapid and full-scale digital adoption. Murmurings of more investment in IT surfaced, and admissions were made that clients are demanding reassurance that their data is in safe hands, paired with misguided perceptions that cyber risk had not in fact risen since the switch to remote working became very real.

“First, clients start to ask whether something is happening, and a year or so later it has become an expectation.” Haynes at Kennedys, Frontiers 2021: Legal IT Landscapes

A mini deep dive into findings shared by Lawcare – that exposes many more risks facing the legal sector in the context of its people’s wellbeing – provides a wake-up call for any firm convinced cyber threats are isolated from the business as a whole. Cyber threats very much rely on human-shaped vulnerabilities in order to succeed, especially the most common ones, like phishing. Not unlike the common cold, no one will ever achieve full immunity. Boosting our daily intake of vitamin C, however, will almost certainly help us avoid unwanted time out.

With our sights set on thriving post-pandemic, we’re in a powerful position to pick and choose what works and what doesn’t, having more or less survived one of the biggest tests of resilience the world will have endured for generations at this point. Time to look ahead with the help of the UK arm of the Hiscox 2021 Cyber Readiness Report. Professional Services sits at number 6 in the Cyber Threat Ranking Table. That is promising from the perspective of overall risk score and median cost of cyber events in the last 12 months, but it is discouraging to see the gradual decline in percentage points awarded to likelihood to prioritise implementing a cyber security policy in the next 12 months, and even less likelihood of cyber attacks being detected. The really good news is that “of the eight markets surveyed for the fifth annual Cyber Readiness Report, the UK market was found to have been the least affected by cyber threats”.

A headstart for reducing cyber risk

Hiscox cyber readiness scores are calculated averages assessed against six domains: business resilience management, cryptography and key management, identity and access management, security information and event management, threat and vulnerability management, and trust management. Taking all six domains together, professional services fared the worst. Source: Figure 10, Hiscox Cyber Readiness Report 2021.

“More firms were targeted by criminals in 2020 than in 2019, and those who needed to defend their business often did so several times. In fact, the survey found that 28% of the businesses that suffered attacks were targeted on more than five occasions in 2020.” Hiscox Cyber Readiness Report 2021

So the statistics both reveal that we’re in one of the best places geographically to improve on current levels of cyber resilience, and that there’s work to be done. And while everyone is a target for cyber crime, there’s no minimum size for firms keen to level up and reduce overall risk appetite. Doing better is an option open to all.

Demonstrate that you take security seriously: Cyber Security Certifications are a fast, affordable and accessible way to boost competitive and commercial advantage.

A well workforce is your strongest defence: Most cyber attacks don’t involve sophisticated cybercriminal organisations, but neither are they limited to our online sphere. Approach cyber security with a holistic view that directly supports the business case for taking better care of your people above all.  

A simple self-assessment is all it takes to become compliant with the likes of Cyber Essentials and Cyber Essentials Plus (CE+), and there’s even a Cyber Essentials Readiness Toolkit as a first step to getting ahead. Stratia Cyber is an NCSC approved and licensed IASME Consortium Certification body; ask about how we can help guide you through the process.