Cybersecurity in the legal sector


The legal sector remains a hot target for the full spectrum of threat actors, including cybercriminals, hacktivists and state-sponsored groups. This is largely due to the wealth of sensitive data held within the industry: for example, patent data, merger and acquisition information, protected witness information and negotiation information. The scope is vast and not limited to the above list. Legal firms are equivalent to a pot of gold for any of these groups. So, what’s the state of cybersecurity in the legal sector and what can be done to improve it?

The sensitive business and client data that law firms store makes them valuable targets for malicious actors. Law firms are certainly not exempt from the growing trend of cyber threats to businesses, their employees and clients.

It used to be the case that law firms thought it was simply a question of putting simple procedures in place, but that is not sufficient anymore. On a technical level, they need to make sure clients take reasonable steps to ensure data is secure, and this means that their infrastructure needs to be secure. Storing or sending highly sensitive client details via email or on unencrypted USB drives is not compliant with GDPR anymore.

The UK legal sector 

The threat to the UK’s legal sector is very real and growing quickly. According to research from PwC, some 62% of law firms report they suffered an incident last year, up from 45% the previous year.

The most common security incidents faced by firms were email phishing attacks aimed at gaining access to client money, suffered by 84% of the firms that had been victims of attacks.

In these attacks, the hacker poses as a third party when emailing or getting in contact with a firm and specifies that purchase money should be sent to a different account.

Fifty-five per cent of firms targeted by cyberattacks had been victims of attacks with viruses or other malware, while 16% of those targeted had faced significant attempts to break into their firm’s network.

Implications of a data breach in the legal sector

The implications for clients are far-reaching. It could affect a legal case and put a client at a disadvantage. It might mean that valuable IP owned by a company is seen by a competitor. A data breach at a law firm could also provide a backdoor into your clients’ systems – cybercriminals are targeting businesses that give them access to larger enterprises with more valuable data to steal. Legal firms certainly fit the bill.

There is a significant reputational threat to law firms on the wrong end of these data breach incidents. If you are a major law firm, the ability to ensure your clients’ data is kept confidential is absolutely key to your standing.


Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.
