Why law firms are targets for cybercriminals (and what to do about it)

For cybercriminals, law firms make highly attractive targets, and the shift towards new, digital ways of working has opened up further ways for criminals to strike.

Ransomware, delivered by highly targeted phishing attacks, is the key threat.

A 2022 report by the Solicitors Regulation Authority (SRA) in the UK found that 75% of law firms had been targeted by a cyber attack, and 23% had been directly targeted. 

In four out of five of these attacks, email was involved. 

In total, law firms lost £4 million to ransomware, the survey found.

Later this month, we’ll go into depth on how law firms can stay secure in a special edition of SC Insights – with expert input from legal experts in the UK. 

Felicity Schneider, Administration Director at Littleton Chambers, says that the Bar faces very unique challenges in relation to cyber security, including the fact that barristers are self-employed and therefore any cyber policies and good practice protocols are difficult to apply centrally.

In SC Insights, Schneider will explain why Littleton Chambers opted to have members become Cyber Essentials certified to offer a ‘baseline’ level of security. 

Putting security first

The SRA's research found that security is rarely “at the top of the priority list” for legal practices, despite data breaches putting confidential data and sensitive client information at risk.

This is borne out by other research.  

PwC’s Annual Law Firms’ Survey 2022 found that law firms are responding to increased cyber risk – with increases of between 50% and 79% in cyber security spend over the past year.

But PwC points out that this spend represents between 0.3% and 0.5% of fee income. 

Basic steps such as Cyber Essentials certification can make a huge difference. 

As the NCSC says, ‘Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. 

‘They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.’

Why Cyber Essentials matters

Law firms, of course, face higher-level threats, including highly targeted phishing attacks – but Cyber Essentials is a good start. 

It’s also an opportunity to differentiate a company from other businesses in the sector. 

The IASME Consortium is the NCSC’s Cyber Essentials Partner, and you’ll find Stratia Cyber listed as a licensed Certification Body under IASME. 

This means we’ve been trained to help you understand the (more technical) assessment questions, how they relate to your organisation and what steps you need to take in order to achieve certification, and are licensed to certify against the Cyber Essentials Scheme.