The legal profession and cybersecurity—Are you protected?

The legal profession and cybersecurity—Are you protected?

Cybersecurity filled the headlines of 2018, with large mainstream companies such as Facebook, British Airways and FIFA all experiencing catastrophic security breaches to user’s data privacy and sensitive business documents. Alongside the headlines, May 2018 also saw the implementation of new data protection requirements under the new GDPR, which increased businesses need for protecting their client’s data. As the hidden risks of cybersecurity begin to breach the surface, in our recent Is Your Tech Smart? report, LexisNexis uncovered that law firms feel cybersecurity and staying GDPR compliant is the third most urgent challenge they are facing.

By nature, the legal profession is a sensitive line of work making them attractive to cyber criminals seeking things such as client information, case documentation and, among other things, funds for commercial and business transactions. PWC revealed that in 2017 alone, 60% of law firms reported information security breaches, which was up from 42% in 2014. With an increasing number of these instances being identified, it’s clear that the UK legal sector is experiencing significant and growing cyber security threats.

Cybersecurity threats can sometimes be motivated by information gain, for example nation states wanting to gain access to information which will give them a strategic or economic advantage. These threats are often financially motivated—this especially applies to the legal profession. As a profession, which values financial reputation, this can be significantly injured by cyber attacks making it hard to repair reputational damage and regain public trust. In 2016-17 for example, the SRA reported that more than £11m of client money was stolen due to cyber crime. As well as the legal sector having a high financial turnover, smaller firms are often seen to be an ‘easy target’, due to their significant fund holdings, but patchy cyber protection resource. They also usually have a small team managing the entire businesses infrastructure, with limited IT resources.

Cyber criminals are known to use a variety of methods to hack into online security systems and retrieve the information they need. The Law Society identified in a June 2018 survey the top three types of attacks being witnessed by law firms. Phishing emails were identified as one of the biggest concerns, with 81% of those surveyed suffering from hacker attempts to obtain financial or confidential information through sending fraudulent emails to people at the firm. These emails

Subscription Form

Related Articles:
Latest Articles:

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:

Hannah is one of the Future of Law blog’s digital and technical editors. She graduated from Northumbria University with a degree in History and Politics and previously freelanced for News UK, before working as a senior news editor for LexisNexis.