Law firms and cyber crime; the growing threat to the UK legal sector

Posted by Angela Messenger on November 1, 2018

Cyber crime is a growing concern for all businesses across every industry, and even more so for those who operate in vulnerable sectors, such as law firms. The latest threat report from the NCSC highlights the rising cyber security concerns and the UK legal sector’s attractiveness to cyber criminals.[1]

60% of law firms reported an information security incident in the last year; an increase of 20% YoY[2]

£11m was stolen due to cyber crime in 2016/17, the Solicitors Regulatory Authority (SRA) reports[2]


Law firms, like all modern businesses, are heavily reliant on technology. We live in a digital economy where flexible working, 24/7 access to information and online transactions are the norm. The sheer amount of expected connectivity makes everyone vulnerable. The Department for Digital, Culture, Media and Sport undertook a cyber security breaches survey earlier this year and found that 98% of all types of UK businesses rely on some form of digital communication or services[3], which illustrates why cyber security should be a high priority.

The numbers

Recent figures are alarming. Particularly so for legal firms who admit they need a greater awareness of cyber security.

Christina Blacklaws, President of The Law Society, mentioned in the threat report:

“In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.”[4]

Although there is a plethora of resources available, the sector struggles to understand the cyber threat landscape. 60% of law firms in 2017 reported an incident, but that’s only those who identified a problem. There has been a 42% increase in reported incidents since 2014[5]. This could mean either businesses are more aware so are reporting cases, or cyber crime is on the rise. It's most likely a combination of both.

Profiling law firms

The legal sector is particularly vulnerable due to the volume of data, sensitive information, financial responsibility and authority it holds. If a law firm specialises in corporate or property law, they are at a greater risk, as the financial gain is unprecedented.

As highlighted in the threat report, the main reason law firms are targeted is for financial gain, but there is a growth in cyber adversaries seeking political, economic or ideological goals.

Law firms are perceived to be an easy target – particularly smaller firms as they don’t have the same resources as larger practices, but they still hold significant funds. Also, they most likely have a small team managing their entire business infrastructure, with limited IT security resources available.

It is often misconstrued that cyber security is undertaken by the IT department, but the truth is that every department is accountable. Cyber security is part of the bigger information risk management picture, and it requires emphasis from business leaders.

Impact of falling foul

The implications of a cyber attack for any business are detrimental, even more so when your business mentality and core service is built on trust and discretion. Not only do law firms and their clients have to consider the financial impact, but reputational damage for the practice can be irreversible.

Therefore, to ensure law firms are protected and keep their data and intellectual property (IP) secure, they need to be aware of the following cyber threats. These three were identified in the NCSC's report as being the most significant to the legal sector.

Cyber threats to be aware of

1.   Phishing
Email is the main route in for social engineering attacks. Phishing scams can include impersonation, intercepted emails and/or malicious attachments. The aim of the threat actors behind the attack is to provoke users into making a mistake, such as disclosing sensitive information, handing over user credentials or downloading malware. Business email compromise (BEC) is a newer strand of social engineering attack, in which an adversary commits email fraud by imitating the identity of an owner or senior figure for financial gain.

“The most common security incidents continue to be phishing attacks. 12% of firms claim to be recipients of such attacks on a daily basis, with a further 30% identifying attacks on either a weekly or monthly basis.” (PwC Law Firms’ Survey Report 2017)

2.   Ransomware
This type of attack locks users out of systems and prevents them from accessing data, with adversaries demanding payment for decryption, though there is no guarantee that paying the ransom will restore normal operation. Financial gain is the predominant motive behind these cyber attacks. However, with the rise in organised crime, threat actors are also looking to cause disruption to earn respect within the hacktivist network.

DLA Piper, one of the world’s biggest law firms, suffered a Petya cyber attack on 27 June 2017. It is a prime example of the consequences of falling foul of a ransomware attack. “For two days after the attack, all telephones and emails at DLA Piper, which has about 3,600 lawyers in 40 countries, including in Kiev, the Ukrainian Capital, were knocked out… nine days on from the attack, it [had] not managed to regain complete access to emails sent or received before the ransomware struck… On July 2, it issued a statement to say it [had] ‘brought our email safely back online, and continue to bring other systems online in a secure manner’.”[6]

DLA Piper is a practice that provides cyber security advice and manages thousands of client accounts. Repairing the reputational damage from the compromise would be an enormous undertaking on its own; suffering such a long period of downtime on top of that makes the financial losses extortionate. The financial impact to DLA Piper was estimated to be in the millions.[6]

3.   Supply chain compromise
Cyber criminals are attracted to easy targets. They will always go for the weakest link in the chain, often a third party supplier, which results in supply chain compromise. Cyber adversaries look to harvest information, intercept business transactions and exploit vulnerabilities.

Law firms can be targeted by these cyber attacks in two ways:

  1. Their supply chain can be targeted, such as a data centre to extract client information
  2. They are the link in the supply chain; e.g. cyber criminals could impersonate their domain to redirect financial transactions to their own accounts
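The impersonation risk described in the phishing and supply chain sections above comes down to a recipient being unable to tell a lookalike sender domain, or a redirected Reply-To address, from the real thing. The following is an added example of the kind of inbound-mail check a firm's mail gateway or SIEM could run; it is not code from the article or from CORVID or the NCSC. The firm domain `example-law.co.uk`, the sample messages and the confusable-character table are all constructed for the example, and the suffix handling is a deliberate simplification (a real deployment would use the Public Suffix List).

```python
"""Flag inbound email whose sender domain resembles the firm's own domain, or whose
Reply-To points somewhere other than the From domain (a common BEC indicator).
Constructed example; FIRM_DOMAIN and the sample messages are not real."""
import email
from email.utils import parseaddr

# Hypothetical firm domain (assumption for this example).
FIRM_DOMAIN = "example-law.co.uk"

# Single characters commonly swapped to build lookalike domains, mapped to a canonical form.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})
# Multi-character sequences that render like a single letter in many fonts.
MULTI_CHAR = (("rn", "m"), ("vv", "w"))


def normalise(label: str) -> str:
    """Collapse confusable characters so 'examp1e-law' and 'example-law' compare equal."""
    label = label.lower().translate(CONFUSABLES)
    for seq, rep in MULTI_CHAR:
        label = label.replace(seq, rep)
    return label


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance; one edit away from the firm's name is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Return (organisation label, suffix). Simplification: handles two-level UK
    suffixes (co.uk, org.uk, ac.uk, gov.uk) and single-level TLDs only."""
    parts = domain.lower().split(".")
    if len(parts) < 2:
        return parts[0], ""
    if len(parts) >= 3 and parts[-1] == "uk" and parts[-2] in {"co", "org", "ac", "gov"}:
        return parts[-3], ".".join(parts[-2:])
    return parts[-2], parts[-1]


def classify_domain(domain: str) -> str:
    """Return 'internal', 'lookalike' or 'external' relative to FIRM_DOMAIN."""
    if domain.lower() == FIRM_DOMAIN:
        return "internal"
    firm_label, firm_suffix = split_domain(FIRM_DOMAIN)
    label, suffix = split_domain(domain)
    if label == firm_label and suffix != firm_suffix:
        return "lookalike"  # same name under a different suffix, e.g. .com instead of .co.uk
    if normalise(label) == normalise(firm_label):
        return "lookalike"  # confusable characters, e.g. examp1e-law
    if levenshtein(label, firm_label) == 1:
        return "lookalike"  # one insertion, deletion or substitution away
    return "external"


def check_message(raw: str) -> dict:
    """Parse one RFC 822 message and report the sender verdict and any BEC flags."""
    msg = email.message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2]
    reply_domain = reply_addr.rpartition("@")[2]
    verdict = classify_domain(from_domain)
    flags = []
    if verdict == "lookalike":
        flags.append("sender domain resembles the firm's own domain")
    if reply_domain and reply_domain != from_domain:
        flags.append("Reply-To domain differs from From domain")
    return {"from_domain": from_domain, "reply_to_domain": reply_domain,
            "verdict": verdict, "flags": flags}


# Constructed sample messages: one genuine, two lookalikes, one redirected Reply-To.
SAMPLE_MESSAGES = [
    "From: Partner <partner@example-law.co.uk>\nSubject: Completion funds\n\nSee attached.\n",
    "From: Partner <partner@examp1e-law.co.uk>\nSubject: Completion funds\n\nNew bank details below.\n",
    "From: Accounts <accounts@example-law.com>\nSubject: Invoice\n\nPlease pay to the new account.\n",
    "From: Client <client@other-firm.co.uk>\nReply-To: client@mail-relay-example.net\n"
    "Subject: Re: Invoice\n\nUse this address from now on.\n",
]


def triage(messages=SAMPLE_MESSAGES):
    """Run the check over a batch of raw messages and return one result per message."""
    return [check_message(m) for m in messages]


if __name__ == "__main__":
    for result in triage():
        print(result)
```

Running the script prints one verdict per sample: the genuine message is `internal` with no flags, the digit-for-letter and wrong-suffix senders are `lookalike`, and the unrelated sender is `external` but flagged because its Reply-To does not match its From domain. In practice a `lookalike` or mismatched Reply-To would be quarantined or banner-tagged for a human, and any change of bank details arriving by email would be confirmed over a known telephone number.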

Next steps

Take action and be prepared. As we touched on earlier, there is an abundance of resources available to help law firms adopt a cyber security mindset – notably, the recent legal sector threat report from the NCSC raises awareness and highlights safeguards that can be put in place.

Law firms can also choose to work with a managed security service provider (MSSP). The benefit of working with an expert is that they help reduce the chance of a successful cyber attack, manage your attack surface, limit vulnerabilities and provide peace of mind for your IT security. They implement the right cyber protection for your business to achieve and maintain low risk. Law firms that handle extremely sensitive material, and are therefore considered highly vulnerable, should choose to partner with an MSSP. Our recent post on understanding the value of an MSSP provides useful further reading.

In addition, speak to peers. The Law Society offers a good support network and is a worthy first port of call.

Speak to an expert, let's start a conversation

This is where CORVID can help. The team lives and breathes cyber. They understand that one size doesn’t fit all when it comes to cyber security. They take the time to understand your business objectives, concerns and risks, before providing the right cyber security solution to solve the problem.

Find out more about how CORVID can benefit the legal sector.


  1. ‘The cyber threat to UK legal sector’ 2018 report
  2. New NCSC report highlights threats to the UK legal sector
  3. ‘Cyber Security Breaches Survey 2018: Statistical Release’; Department for Digital, Culture, Media & Sport, Ipsos MORI and University of Plymouth, April 2018
  4. ‘The cyber threat to UK legal sector’ threat report; NCSC, The Law Society and NCSC Industry 100, July 2018
  5. ‘Time for change’; PwC Law Firms’ Survey 2017
  6. DLA Piper hack could cost ‘millions’, brokers say