Cyber-attack contributes to listed law firm’s profit warning

Biles: Frustration over Arden deal

Share in listed law firm The Ince Group neared their lowest point ever yesterday after it issued a profit warning, in part due to the cyber-attack it announced last month.

The share price closed down 8.5% at 21.5p, having been as low as 16p during the day; the all-time low was 18p in March 2020, in the wake of the first lockdown.

It reached a peak of 191p in September 2018 and has been falling since due to a variety of issues.

The stock exchange announcement said that, “as a result of a challenging last quarter of the financial year, overall revenue for FY22 was slightly below the prior year at approximately £97m”. In the year to 31 March 2021, turnover was £100m.

The firm cited the resurgence of Covid-19 in the UK last November and the pandemic’s impact at the same time on its office in Hong Kong and two in China; the Ukraine conflict affecting global shipping, a key market for the firm; and the ransomware attack, which occurred on 13 March when the group was mid-way through IT system migrations in Asia.

“Together with some adverse movements in our overheads, this will mean that reported pre-tax profits are expected to be short of market expectations.” The operating profit in 2021 was £9.2m before non-underlying items and £3.1m after.

Ince said the cyber-attack caused “difficult operating conditions for a short period of time”.

It explained: “Disaster recovery procedures were immediately implemented, including taking some systems offline. A team of specialists was appointed immediately to support the restitution of systems and advise on managing the situation.

“Our first concern was to minimise the effect on client work. Once the data loss had been quantified, it was clear that the effects of the attack had principally been on non-client data and our own internal systems, which have now substantially been restored.

“We continue to investigate the matter and restore some data, but we remain vigilant and have successfully implemented upgrades to our IT systems and controls.”

The firm said it expected “the overwhelming majority of the costs incurred” to be covered by insurance and that the attack would not have a material effect on the group’s financial performance in future.

The news has come in the wake of Ince’s protracted but ultimately successful £10m takeover of corporate adviser and stockbroker Arden Partners.

Group chief executive Adrian Biles said: “The hurdles and timetable that were applied to the Arden acquisition caused much frustration. Now completed, we can move forward to pursue our vision and continue to grow our global multi-talented professional services group.”

The group’s results are now unlikely to be published before September. Last year, they came out in July.

Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


A two-point plan to halve the size of the SRA

I have joked for many years that you could halve the size (and therefore cost) of the Solicitors Regulation Authority overnight by banning both client account and sole practitioners.

Key cyber and data security questions to ask a legal IT provider

One of the growing priorities that law firms face when considering a legal technology provider is cyber and data security, such as their responsibilities and cyber incident management.

Navigating carer’s leave: A personal journey and call for change

The Carer’s Leave Act 2023, which came into force on 6 April 2024, was a pivotal moment for the UK. It allows workers to take up to five unpaid days off a year to carry out caring responsibilities.

Loading animation