According to a report on fraud and cyber crime vulnerabilities in the legal sector, the top 200 law firms in the UK are especially susceptible to cyber attacks.

UK law firm cyber attack statistics 2019

"Conducted" by “Crowe, KYND” and ‘University of Portsmouth’s Centre’ for Counter Fraud Studies, research into the risks impacting the top 200 UK law firms has revealed just how vulnerable the legal sector is to cyber crime. The 2019 report showed that:

• 91% of firms are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails
• 80.5% of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers
• 21% of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure
• 23% of firms had at least one security certificate which had expired, been revoked or distrusted, meaning clients would not be able to connect securely to their website
• 79% of firms had at least one domain registered to a personal or individual email address, representing a significant threat to business continuity and domain ownership

The amount of money law firms are losing to cyber crime is increasing. According to the SRA, in the first six months of 2019, law firms reported a loss of £731,250 of client money to cyber crime. The National Cyber Security Centre also found that 60% of law firms in the UK reported experiencing an attack in 2017; a rise of 20% from 2016.

According to the report: “There is an epidemic of fraud and cybercrime in the UK and law firms are not immune. Irrespective of size, law firms attract cybercriminals due to the large amounts of client money, data and sensitive information they hold.”

How can law firms protect themselves against cyber attacks?

All organisations should take basic steps to protect themselves online. Depending on your need, the government advises heading to the below websites for guidance:

• Cyber Aware - offers simple advice to help small businesses and citizens stay safe online
• The Small Business Guide - shows how to improve cyber security within an organisation quickly, easily and at low cost
• Free Online Training - Top Tips for Staff - an online learning module which helps staff understand why cyber security is important and shows how to take practical steps to protect against fraud and cyber crime
• Small Business Guide to Response and Recovery - helps SMEs prepare their response to, and plan their recovery from, a cyber incident
• Cyber Essentials - shows how to put technical measures in place to protect businesses against the most common internet threats

See also

Why email encryption is essential to your business

What is cyber, and why does it matter?

Find out more

Fraud and cybercrime vulnerabilities in the legal sector (KYND)

The National Cyber Security Centre (Gov.uk)

Image: Getty Images

Publication date: 21 November 2019