The 2023 National Cyber Security Centre (NCSC) report into the UK legal sector warns that a failure to: “maintain appropriate cyber security measures… can have exceptionally negative consequences for a legal practice and its clients"[1].
Current figures cite that 65% of UK law firms have been victims of cyber incidents [2]. According to one study, 2024 have seen cyberattacks increase by 77 per cent to 954, up from 538 in 2023 [3].
Elsewhere, another report revealed that 72% - almost three-quarters - of UK-headquartered law firms have at least one employee password on the dark web[4].
Most damning is that this threat has been known for some time. The NCSC has identified that approximately 80% of UK law firms have reported phishing attempts in the last year[5].
When it comes to ransomware, a 2024 report found hijackers of law firms’ computer systems have been paid off on eight known occasions in the past six years, as part of a survey that identified 138 individual ransomware attacks on the legal sector, with just under three million individual records compromised[6].
What is driving the problem?
The continued growth of cyberattacks could signify a reluctance to engage with this issue.
However, figures from PwC show that the top ten UK law firms spent £6.1 million on cyber security in 2023—up 21 per cent compared to 2022. The top 26-50 firms upped their spending by 41 per cent and the top 51-100 increased by 67 per cent[8].
So, what makes cybersecurity challenging for the legal sector to address?
Firstly, the increased targeting of medium-sized law firms, often overlooked in cybersecurity discussions, is undoubtedly driving this increase. This is compounded by the fact that smaller firms are more likely to rely on external IT service providers – so it is more difficult for firms to assess the controls they have in place.
There are, however, sources of information to help law firms improve their cybersecurity posture. For example, cyber Essentials from the NCSC is a set of basic technical controls that firms should have in place to protect themselves against common threats.
These programmes rightly emphasise regular training, the development of a vigilant culture, and consistent updates to the technology in use. We would add the exploration of edge architecture to this list.
Edge computing, which brings computing resources closer to the source of data, offers several advantages in mitigating cyber threats:
The highly confidential, commercially sensitive, and often personal information held by legal firms means that they will remain a keen target for cybercriminals, in turn, they should consider taking action by extending cybersecurity considerations to the digital infrastructure that they rely upon.
[1]See Cyber Threat Report: UK Legal Sector
[2]See 65% of law firms have been a victim of a cyber incident | The Law Society
[3]See Cyber attacks on law firms jumped by 77% over the past year | Law Gazette
[4]See New UK law firm cyber research finds over one million passwords on the dark web - Legal IT Insider
[5]See Cyber Threat Report: UK Legal Sector
[6]See Law firms cough up to ransomware hijackers, report claims | News | Law Gazette
[7]See Law firm cyber attacks on the rise with 73 of UK top 100 targeted
[8]See Cybersecurity Spend Among UK Top 10 Jumps 21% as Threats Become Priority
Get started with platformEDGE
platformEDGE™ integrates colocation, connectivity, and cloud, empowering legal practices to harness the power of edge to meet operational and strategic objectives. Find out more - platformEDGE.™