More to be done by law firms to mitigate data breach risks

Kingsley Hayes MD Hayes Connor

Kingsley Hayes, Managing Director, Hayes Connor Solicitors

As the legal sector continues to embrace technology, the industry remains at high risk of data breaches either through human error or malicious cyber attacks according to specialist Hayes Connor Solicitors.

The most recent figures from the Information Commissioners Office (ICO) places the legal sector in the top five for data security incidents with law firms responsible for 8% of the 4,056 data breaches reported to the ICO between July and September 2018.1

A survey published by Big Four accountancy firm PWC2 also revealed that despite 82% of top 100 law firms expressing concerns relating to cyber security, only 27% of respondents were confident that their firm’s end-to-end operable services could be recovered following a cyber-attack.

Its Law Firm Survey 2018 report also identified that only 14% of participating law firm’s senior management teams had taken part in crisis management training in the previous 12 months.

Kingsley Hayes, managing director at data breach and cyber security specialist Hayes Connor Solicitors, said: “Law firms are arguably at a higher risk of a cyber attack or simple human error leading to a serious data breach due to the volume and extent of the confidential information held.

Also responsible for holding large sums of client monies, it is not difficult to see why a hacker would target law firms.

“It’s surprising that despite the ongoing, and growing cyber threat, that many firms appear to be unprepared in the event of a data breach crisis. Protecting clients’ personal information goes far beyond ensuring that IT systems and defences are implemented, updated and monitored, however.

“Human error is largely to blame for most data breach incidents with the PWC survey finding that 46% of data breaches within the legal sector were a result of staff either losing or leaking information.

“One of our recent cases was against a firm responsible for a data breach involving one of its solicitors leaving our client’s sensitive medical records and other confidential information on a train. Our client suffered significant mental health issues following the breach which led to a demotion at work.

“Law firms have a duty to protect their clients’ personal information and monies by taking all the necessary precautionary measures to prevent data breaches. It is essential also to maintain the trust that clients have in their solicitor.”

Hayes Connor Solicitors is currently running its #notjusthackers campaign to raise awareness of data breaches resulting from simple human errors and the steps to take to prevent incidents.

For more information, visit the Hayes Connor Solicitors website at



Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation