The rising risk of cybercrime for law firms

Posted by Milad Shojaei, a trainee legal advisor at the Ministry of Justice, and strategy & engagement director at Legal Futures Associate Casedo

Shojaei: Law firms must take cybersecurity issues more seriously

Cybercrime has increased significantly in recent years, causing untold damage to businesses and essential services. Cyber-security breaches cost billions of pounds and account for half of all crime in the UK.

Motivated by personal profit, cybercriminals’ attacks have become more sophisticated, with threats emerging both domestically and by international criminal organisations.

It was reported last month that global law firm Jones Day had 100 gigabytes of data stolen, with some of it appearing on the dark web, after a third party that provided it with file transfer software was hacked.

Crowe UK’s research in 2018 identified “significant unaddressed cyber risks” associated with the top 200 UK law firms, suggesting that 81% of law firms were exposed to at least one notable vulnerability.

Worse yet, making that digital leap in the wake of the pandemic at incredible speeds has amplified the lack of information security and potential cyber-attacks. As organisations go digital, so too does crime.

Cybercriminals actively exploit the vulnerabilities present in humans and security. Even a temporary downtime or partial loss of data can have a cumulative impact on how much legal professionals can bill clients. Moreover, data loss can instigate financial regulatory penalties, loss of client confidence, falling share prices and potential legal costs if litigation is pursued.

Law firms can use multiple detection engines to enhance cyber-security. Fraud detection can automatically pinpoint phishing, flagging concerning emails and ensuring that legal professionals can make quick and informed decisions that avoid data breaches.

Rationalising modern IT applications and re-engineering business systems can fundamentally improve cyber-security. By reducing reliance on cloud-based systems, in favour of simplistic and efficient digital solutions, law firms can cut out the cost and secure operations.

In 2018, the cybercrime economy was estimated to be worth $1.5 trillion. Cybercrime is predicted to cost the world $10.5 trillion annually by 2025. This would represent the most significant transfer of economic wealth in history, and more profitable than the global trade of all illegal drugs combined.

Cybersecurity is a critical business issue for every market, and the legal industry is no different. The unparalleled financial damage is reflected in the numbers. The World Economic Forum’s Global Risks Report 2020 suggested that cybercrime will rank as the second most alarming global commerce risk in the next decade.

A report on the cyber-threat to the UK legal sector, published by the National Cyber Security Centre in 2018, outlined that 60% of law firms reported an information security incident. There has also been a 42% increase in reported incidents in the last five years.

The legal sector is undeniably vulnerable to cyber-attacks as lawyers frequently handle large volumes of confidential information. Law firms specialising in corporate or property law are particularly exposed due to the potential for financial gain. Smaller law firms are also viewed as easy targets.

A thematic review of cybercrime released last year by the Solicitors Regulation Authority reported that 23 of the 40 firms sampled saw more than £4m stolen.

The digital landscape is changing rapidly and keeping pace with the evolution of emerging cyber threats is challenging for law firms. Achieving sustainable progress in safeguarding the legal sector is not easy and countless organisations have incurred substantial financial and reputational damage in recent years.

As the legal industry continues to digitise, law firms must take cybersecurity issues more seriously.

It is long overdue that the legal sector recognises the risks associated with cybercrime. Given the profession’s accelerated transition to the digital era, more comprehensive steps must be taken to ensure that potential threats are addressed.

A proactive attitude towards cybersecurity can help lawyers avoid devastating repercussions. It is crucial that we enhance our understanding of the different types of attacks.

By recognising the potential risks that firms can face, legal professionals can minimise security threats, limit the damage and restore systems quickly.


Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Loading animation