Cyber threats to the legal industry

Protect your firm by ensuring you have the necessary insurance coverage in place

Get a quote
Back to news

As technology continues to advance, cyberattacks are becoming increasingly common and sophisticated. Attacks on law firms typically follow a similar pattern and profile, suggesting that they and their staff are being actively targeted.

Given the vast quantity of sensitive data exchanged, (both personal and commercial) the potential for significant business interruption and loss of income is greater than ever before.

A recent survey carried out by the Law Society found that 65% of Law Firms have been a victim of a cyber incidenti. It advised the most common attacks are:

  • fraudulent emails
  • viruses
  • malware

These are all examples which are used by cyber criminals to deploy ransomware which will sabotage a firm’s systems and exfiltrate their confidential data. Of course, it is not just the threat of the deployment of ransomware and data exfiltration by cyber criminals from which law firms have cyber exposures.

Irrespective of how robust your security and controls are, human error is a common cause of cyber related losses; it only takes one person to make one mistake.

Key cyber exposures (include, but are not limited to):

  • Deployment of ransomware and encryption of target business data
  • Exfiltration of confidential customer, third party and employee data, with the threat of selling / leaking online unless ransom demand is paid
  • Operations within the target business disrupted by Distributed Denial-of-Service (DDoS) attacks, designed to bring additional pressure on the victim to pay a ransom demand
  • Business e-mail compromise events
  • System failure / data corruption - where networks, systems and data cannot be accessed

Do I have a cyber exposure?

  • Do you hold client data?
  • Do you hold employee data?
  • Do you hold Client Bank Details and/or process payment card information?

If you have answered yes to any of these questions, investing in Cyber Insurance is imperative. Protect your firm by ensuring you have the necessary insurance coverage in place.

Industry Articles

In a recent article the Law Society delved into how a solicitor has been fined by the Solicitors Disciplinary Tribunal for inappropriate handling of a fraudulent payment as part of a conveyancing cyber scam. The solicitor was highly experienced and had to pay £26,000 in fines and costs due to negligenceii.

It is not just the Law Society highlighting the risks faced by their members. The SRA recently published an article advising that cyberattacks now make up to 75% of all reported crime within the UK. It also reminded members of Rule 4.2 of the code of conduct for individuals and Rule 5.1 the code of conduct for firmsiii.

These place an obligation on firms to “safeguard money and assets entrusted to you by clients and others; everyone should be alive to the threat of cybercrime and all firms should take steps to eliminate or mitigate against this risk”.

Take preventative steps

As a matter of course firms should take preventative steps to mitigate the risk of a cyber attack. Unfortunately, there is no silver bullet and a good overall level of cyber security remains key.

All firms must ensure they remain compliant with the steps they have put in place and ensure that all staff are aware of the potential cyber-security dangers.

Cyber Insurance Policy

Given the complexity, prevalence and sophistication of cyber attacks, and potential damage inflicted to operational ability, income and reputation, the threat posed by cyber criminals needs to be taken very seriously. PIB recommends all solicitors should have an appropriate level of protection in place via a cyber insurance policy.

Such a policy provides so much more than just insurance, providing, for example:

  • 24/7 access to IT forensics, Data
  • Support in complying with Data Protection legislation and notification obligations in the event of a data breach
  • Data restoration and rectification (even back-ups can be affected)
  • Access to specialist Ransom and Extortion advisors
  • Access to cyber risk management tools

Forums for Solicitors - Stay Informed

PIB Insurance Brokers in association with The Strategic Partner will be holding Forums for Solicitors shortly which will be free to attend. In our upcoming session, we will discuss cybercrime. We will cover what it is, how to know you are under attack and the defence you should have lined up against this threat, including further information on cybercrime policies. We will also cover your regulatory requirements and reporting obligations.

ihttps://www.lawsociety.org.uk/topics/blogs/are-you-the-65-percent-or-the-35-per-cent-65-percent-of-law-firms-cyber-attack-victim

iihttps://www.lawsociety.org.uk/topics/%20regulation/solicitor-fined-for-failing-to-spot-friday-afternoon-cyber-fraud.

iiihttps://www.sra.org.uk/solicitors/resources/cybercrime/

Please get in touch and we will send further information on how to attend our next forum

Find out more