banner image

How real is the threat of cyber-attacks to legal firms?

  • September 11, 2017

In the modern, digitally-led world in which we live, threats to businesses are probably more likely to come from the web than anywhere else. In recent years there have been dozens of major cyber-attacks on businesses including Sony, TalkTalk, E-Sports, InterContinental Hotel Group, Verizon, IRS, Snapchat and many more. Even the US Presidential election was allegedly influenced by Russian hackers. Organisations within the legal sector rather obviously hold a considerable amount of potentially valuable data, but how real is threat of cyber-attacks to legal firms?

1 in 100

The UK legal industry is worth somewhere in the region of £26bn which makes research from cloud data intelligence firm, OnDmarc even more concerning. Just one of the UK’s top 100 legal firms has sufficient measures in place to protect them against even the most basic forms of email fraud. And if bigger firms – with larger resources – don’t have these defences then it’s highly unlikely smaller ones do either.

Legal firms exposed to cyber attacks

However, this should certainly not be the case and legal firms must start upping their defences to protect them from the ever growing threat of cyber-attacks. The risk of phishing attacks has risen by 65% in 2016 while the use of fake or compromised email accounts to steal information increased by 39% in the last quarter alone, according to email security firm, Mimecast. Attackers use these methods by pretending to be someone in a position of power, such as a CEO or Partner, to trick recipients into sending them confidential or valuable data.

Rois Ni Thuama, head of cyber security governance partnerships and legal at OnDmarc, commented on the findings. “With over 10,000 law firms operating in the UK, handling sensitive and hugely confidential commercial and private data, there is a real opportunity for scammers to target the legal sector. Many law firms either don’t understand the risk or assume that their existing email systems will do the job of protecting them, even though our study very quickly demonstrated that it’s all too easy for a criminal to exploit these firms’ email domains in order to impersonate the company and send out fraudulent messages to external clients and stakeholders.”

Cyber security experts wanted

What this highlights is that firms need to start thinking about their defences more than they currently are and ultimately, need to refocus their hiring strategies to incorporate cyber security specialists. However, there are few of these individuals available in any market, let alone the legal sector, which means that firms will almost essentially be forced into targeting those in other industries. But these people know their skills are few and far between and you will therefore need to be equipped with a tailored and cutting edge employer value proposition if you want to have a chance of attracting and retaining them. Offering the same package you do to lawyers will only turn cyber experts off so you need to take a leaf from the likes of the digital, tech and perhaps even financial industries which have, to date, put much more of a focus on bolstering their online defences. The organisations that don’t opt for this approach are likely to be vulnerable targets and could risk exposing their clients’ valuable and sensitive information, which they certainly want to avoid.

How do you think legal firms can deal with growing threat of cyber-attacks?

Take a look at some our other blogs to gain more insight about the legal sector

Or take a look at our current roles to find your next game-changing role.

Share This Post