Cyber incidents in law firms – FAQs answered

By Legal Futures Associate Miller Insurance

Many firms, especially in the legal sector, don’t see cyber-attacks as a credible threat and therefore fail to protect themselves sufficiently. As recent incidents have shown, the Information Commissioner’s Office is actively fining firms for inadequate handling of cyber incidents, and claims are being brought against firms following a cyber-attack. Our cyber for law firms specialist, Sam Jobling, answers some of our most frequently asked questions.

What are the common causes of cyber incidents in the legal sector? 

A cyber incident, in short, is any event that compromises the confidentiality, integrity or availability of a firm’s systems or data (not only an outage of the network), and it can be caused by a number of factors including:

  • Cyberattacks: The legal sector is often targeted by cybercriminals because of the sensitive and valuable information it handles. Attackers use techniques such as phishing, malware, ransomware and social engineering to gain unauthorised access to data.
  • Weak security measures: Insufficient controls, such as weak or reused passwords, lack of encryption, unpatched software or inadequate network security, make firms easier to compromise and turn a minor intrusion into a data breach.
  • Regulatory compliance issues: Non-compliance with data protection regulations, such as the UK GDPR or industry-specific requirements, does not itself cause a breach, but it usually reflects missing controls and it increases the regulatory and legal consequences when a breach does occur.
  • Human error: Mistakes made by employees, such as sending sensitive information to the wrong recipient, accidentally deleting data or mishandling physical documents, can also result in data breaches.

We frequently hear of multi-factor authentication and patch management. What are they?

Multi-factor authentication (MFA) is a security measure that adds an extra layer of protection to the authentication process. It requires users to present two or more independent factors before accessing a system or account: something they know (a password), something they have (a phone app, hardware token or smart card) and/or something they are (a biometric). The factors must be independent, so that a stolen or phished password alone is not enough to log in.

Patch management is the process of identifying available security updates for your software and devices, prioritising them by severity, testing them, applying them within a defined timeframe and verifying that they were actually installed.
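To make “two independent factors” concrete, here is an added Python illustration (written for this page, not code from Miller Insurance or the original article) of a login check that requires both a password and an RFC 6238 time-based one-time code (TOTP) of the kind generated by an authenticator app. The secret `12345678901234567890` is the published RFC 4226/6238 test secret, the password is a made-up test value, and the helper names (`enrol_user`, `verify_login`) are assumptions of this example. The point it demonstrates is that the one-time code is derived from a separate secret held on the user’s device, so a phished or reused password on its own does not pass the check.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (SHA-1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code: HOTP over the current 30-second time step."""
    return hotp(secret, int(unix_time) // step, digits)


def enrol_user(password: str, totp_secret: bytes) -> dict:
    """Store a salted password hash plus the device secret for the second factor.

    The two factors are stored separately: the password hash cannot be used to
    compute a code, and the TOTP secret cannot be used to recover the password.
    """
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "pw_hash": pw_hash, "totp_secret": totp_secret}


def verify_login(record: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the login only if BOTH factors check out.

    `window` allows +/- one 30-second step of clock drift between the server
    and the user's device, which is the usual tolerance for authenticator apps.
    Both checks are always evaluated (no short-circuit) so a failed login does
    not reveal which factor was wrong.
    """
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    password_ok = hmac.compare_digest(candidate, record["pw_hash"])

    step_now = int(now) // 30
    code_ok = False
    for drift in range(-window, window + 1):
        expected = hotp(record["totp_secret"], step_now + drift)
        # Constant-time comparison; keep looping so timing does not leak the match.
        if hmac.compare_digest(expected, code):
            code_ok = True
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed test data: the RFC test secret and a throwaway password.
    secret = b"12345678901234567890"
    rec = enrol_user("correct horse battery staple", secret)
    t = 59  # RFC 6238 vector: code at T=59 is 287082 (6 digits)
    print("valid password + valid code :", verify_login(rec, "correct horse battery staple", totp(secret, t), t))
    print("stolen password, no device  :", verify_login(rec, "correct horse battery staple", "000000", t))
    print("valid code, wrong password  :", verify_login(rec, "guess", totp(secret, t), t))
```

The `window` parameter is the usual trade-off: a tolerance of one step keeps logins working when a phone’s clock is slightly off, while a large window would let an attacker replay a code they captured minutes earlier.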

Should all law firms have these?

The lack of MFA is one of the most common contributing factors in ransomware attacks. Cyber insurers now require MFA for remote access, access to critical systems, access to backups, and privileged/administrator access, as an absolute minimum standard to obtain cyber insurance.

Law firms deal with sensitive client information, confidential legal documents, and often handle cases involving high-value assets. As such, they are prime targets for cyberattacks. Implementing MFA is strongly recommended for law firms to enhance their security posture and protect both their own data and that of their clients.

Patch management is equally important. Leaving software unpatched leaves known, publicly documented holes in your cyber security that attackers can exploit with little effort; most ransomware groups rely on exactly these gaps to get in.

What should law firms do to avoid attacks and breaches, as well as fines from the ICO?

MFA is one of several controls that improve your overall cyber security posture. With ransomware attacks increasing significantly, both in volume and in the value of the demands, it is important to review the controls in place and ensure that you are working to protect the data you hold, both your own organisational data and the data of third parties.

Other key security controls sought after by insurers are:

  • regular phishing training and awareness for all employees
  • identify, and minimise the number of, users who have local administrator rights on their machines
  • implement an endpoint detection and response (EDR) solution
  • regularly review and carry out due diligence on any third-party vendors
  • implement tools to monitor and log administrator (privileged) access
  • ensure backups are regularly tested by restoring from them, and are kept offline or otherwise isolated from the network where possible.

Are cyber incidents covered under a firm’s professional indemnity (PI) policy? 

A firm’s PI policy may provide some cover for claims caused by cyber issues as part of the general negligence/civil liability cover; however, there are likely to be exclusions and limitations. It is unwise to rely solely on your PI policy to provide proper protection against the cyber risks faced by a business.

Do I really need a cyber policy? 

If a firm relies on its networks to conduct business, holds sensitive personal data or is a possible target for activists, it should seriously consider a cyber policy. Cyber insurance provides a firm with a backstop that will pay the costs incurred to help resolve a cyber incident, repair damage and restore lost data. It will also respond if a claim is brought against the firm by a third party because of that cyber incident.

First party cover includes:

  • Incident response – a 24/7 cyber response hotline, IT forensic experts to establish the cause and extent of a security breach, and legal counsel to ascertain your notification obligations in the relevant jurisdictions. Vital to a firm’s survival.
  • Business interruption – a lifesaver, as some firms may be out of operation for several weeks
  • Cyber extortion – without this, firms may have to pay a ransom out of their own pocket, which many simply can’t afford
  • Digital asset loss
  • Dependent business interruption (e.g. a third-party provider is shut down and causes a disruption to your business)
  • Reputational damage

Third party cover includes:

  • Privacy and security liability (damages and claim expenses)
  • Regulatory investigations (damages and claim expenses)
  • Media liability


Associate News is provided by Legal Futures Associates.