Report shows UK law firms unprepared for cyber attacks

According to a report on fraud and cyber crime vulnerabilities in the legal sector, the top 200 law firms in the UK are especially susceptible to cyber attacks.

Cyber Attacks Law Firms UK

UK law firm cyber attack statistics 2019

"Conducted" by “Crowe, KYND” and ‘University of Portsmouth’s Centre’ for Counter Fraud Studies, research into the risks impacting the top 200 UK law firms has revealed just how vulnerable the legal sector is to cyber crime. The 2019 report showed that:

  • 91% of firms are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails
  • 80.5% of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers
  • 21% of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure
  • 23% of firms had at least one security certificate which had expired, been revoked or distrusted, meaning clients would not be able to connect securely to their website
  • 79% of firms had at least one domain registered to a personal or individual email address, representing a significant threat to business continuity and domain ownership

The amount of money law firms are losing to cyber crime is increasing. According to the SRA, in the first six months of 2019, law firms reported a loss of £731,250 of client money to cyber crime. The National Cyber Security Centre also found that 60% of law firms in the UK reported experiencing an attack in 2017; a rise of 20% from 2016.

According to the report: “There is an epidemic of fraud and cybercrime in the UK and law firms are not immune. Irrespective of size, law firms attract cybercriminals due to the large amounts of client money, data and sensitive information they hold.”

How can law firms protect themselves against cyber attacks?

All organisations should take basic steps to protect themselves online. Depending on your need, the government advises heading to the below websites for guidance:

See also

Why email encryption is essential to your business

What is cyber, and why does it matter?

Find out more

Fraud and cybercrime vulnerabilities in the legal sector (KYND)

The National Cyber Security Centre (

Image: Getty Images

Publication date: 21 November 2019