By Matthew Stringer, Founder & CEO at Legal Futures Associate Stridon
In today’s legal landscape, cyber threats aren’t just persistent; they’re evolving. With 77% of UK law firms reporting an increase in cyberattacks last year and insider breaches accounting for 60% of incidents in the legal sector, the risks are real and growing. But for law firms, particularly those in the small to mid-tier space, the challenge isn’t just staying secure; it’s doing so without slowing down.
At Stridon, our approach is grounded in a belief that cybersecurity isn’t just about putting up walls, it’s about enabling people to thrive. Protecting your people, clients, and systems shouldn’t create unnecessary friction. Instead, security should empower productivity and support growth. Here’s how law firms can strike that balance using a risk-based approach and the right technology.
Understanding the threat landscape
Law firms are high-value targets. They hold sensitive, privileged information, operate under strict regulatory obligations and carry significant reputational risk.
With a UK legal services market valued at over £43.9 billion, attackers from cybercriminals to nation-state actors have plenty of motivation to target firms.
And the attacks are becoming both more sophisticated and more numerous, for example:
- AI-powered phishing and impersonation
- Deepfakes used in business email compromise attacks
- New attack channels like Microsoft Teams or Zoom
- Nation-state activity, targeting legal data for strategic gain
- Insider threats, accidental or malicious
This isn’t a problem that’s going away. And for small to mid-tier law firms, who often lack large internal security teams or enterprise-grade infrastructure, the stakes are even higher.
Taking a risk-based approach to cyber maturity
Let’s be honest, most smaller firms can’t do everything at once. Time, people and budget are limited. That’s why we recommend a risk-driven approach. Ask yourself:
- Where are the gaps in our current cyber posture?
- What are our biggest risks?
- How can we ensure the right level of cyber investment?
- How can we stay ahead of attackers with the resources we have?
- Isn’t it just a case of when, not if?
Rather than chasing every possible threat, focus your efforts on where they’ll have the greatest impact.
Using CIS Controls to guide your journey
At Stridon, we use the CIS Controls framework to help firms assess their cybersecurity maturity. Developed by the Center for Internet Security, this framework includes 18 prioritised domains and 153 individual safeguards, mapped to leading risk frameworks like ISO 27001 and NIST CSF 2.0.
What we like about CIS is that it’s organisationally aligned and we can tailor the model to suit a firm’s size, risk appetite and budget. You can prioritise data protection, score your risks and develop a roadmap for improvement that uniquely fits your firm.
Cybersecurity can feel like the arcade game ‘whack-a-mole’ where you solve one problem, and another pops up. Using a framework gives you structure, focus, and a way to demonstrate due care and reasonableness, which can be critical in both insurance reviews and litigation.
Adopting the Zero Trust security model
Legacy security models relied on the “castle and moat” approach: build high walls and protect the perimeter. But in today’s hybrid working world, with data stored in the cloud and people working from everywhere, that model no longer fits.
Instead, we turn to the Zero Trust model, built on three core principles:
- Explicit Verification – always authenticate and verify identity, device health, and workload.
- Least Privilege – give only the access needed, and only for the time it’s needed.
- Assume a Breach – design systems and processes as if a breach will happen; contain and minimise its impact.
Zero Trust isn’t just about security; it’s about productivity. Implemented properly, it won’t slow people down. In fact, it can reduce friction and improve cyber maturity at the same time – you can have your cake and eat it!
The role of Microsoft 365 E5
Making security simple with Microsoft 365 E5
Most law firms already use Microsoft 365 in some way. But by adding Microsoft 365 E5, or even just some of its advanced capabilities, you can unlock powerful security and compliance tools that help keep your firm safe without adding extra complexity or cost. These tools can help you achieve a Zero Trust security posture.
Here’s how it works in practice:
Protecting access – with E5, you get tools that help control who gets into your systems and what they can see. Features like conditional access and identity checks make sure that only the right people can access sensitive information and only from secure devices.
Keeping devices safe – whether your team is using laptops, phones, or tablets, E5 includes technology that can spot threats early, block dangerous activity and help fix problems automatically.
Safer email and messaging – phishing emails and malicious links are still some of the biggest risks for law firms. With Defender for Office 365, your emails, attachments and even Teams chats are scanned to block impersonation attempts and prevent threats from spreading.
Looking after your data – Microsoft Purview helps you stay in control of your data. You can label documents and emails, set rules around what people can do with them, and stop sensitive information from being accidentally shared or leaked.
Spotting insider risks – sometimes, the biggest risks come from inside. E5 includes tools that watch for unusual behaviour, such as someone downloading a large number of files, and flag it. Importantly, this is done in a way that respects people’s privacy.
Keeping an eye on AI tools – with so many new generative AI tools popping up, it’s hard to know what’s being used and where. Microsoft Purview can help you spot if anyone in the firm is using unapproved tools or exposing data without realising it.
A unified platform, less complexity, increased visibility – a big benefit of Microsoft 365 E5 is that everything works together. You don’t need an array of separate tools or dashboards. You can manage access, protect communications, watch data and respond to threats, all through a single ecosystem. That means less complexity, lower costs and fewer chances to miss something critical.
For firms trying to stay secure while keeping things simple and affordable, Microsoft 365 E5 offers a smart, joined-up way to do just that.
Conclusion: Resilience without slowing down
Cybersecurity is now a strategic enabler for law firms and not just a technical necessity. By focusing on security that supports usability and scalability, firms can protect what matters the most without getting in the way of productivity or growth.
To summarise:
- Security shouldn’t slow people down, it should enable them to work more confidently and efficiently
- A Zero Trust approach helps protect your team and your clients without getting in the way
- It’s also important to focus your investment where it has the most impact
- Using tools like the CIS Controls framework helps you prioritise and measure your investment
- Wherever possible, look to consolidate your systems to reduce sprawl and operational overhead, and to lower the risk of missing cyber threats
- Microsoft 365 E5 brings together powerful, built-in tools that reduce complexity and improve control
Ultimately, strong cyber resilience is more than just protection, it’s a competitive advantage that helps maintain client trust and prepares your firm for the future.
Next Steps
- Download Stridon’s Cyber Threat Briefing for law firms – a concise overview of the key threats and how to tackle them
- Book on our next free cyber security webinar, taking place on 2nd December, 12:00 – 13:00
- Book a meeting with Stridon’s cybersecurity team to explore how your firm can stay protected — without slowing down. Just email us with your availability at insights@stridon.co.uk.