Successful cyber attacks up 77% year on year

The legal sector has seen a 77% increase in the number of successful cyber attacks increase by 77% over the past 12 months, from 538 in 2022/23 to 954 2023/24. The increase has been driven by the sensitive and personal nature of information held by firms, including financial information which can be sold on the dark web or used as part of a ransom demand. 

The research has been conducted by Chartered accountants Lubbock Fine who have said the legal sector is a ‘prime target’ for attack. Typically the methodology is ransomware, or blackmail.

“The data that law firms hold on behalf of their clients is often highly sensitive – and therefore, valuable if you intend to blackmail a law firm,”

said Lubbock Fine partner Mark Turner.

“This makes them a very attractive target. Hackers will often demand a blackmail payment from law firms or threaten to post that sensitive data on the internet.”

Ransomware often targets individual users via email to encourage them to click on links which lead to downloads, or open documents attached to emails, opening up viruses which infiltrates systems and lock them down. A ransomware attack is usually followed by a demand for recompense, usually in untraceable bitcoin. If this is paid, the a key is provided to unlock the files; but there are no guarantees and plenty of examples where organisations have paid out, only to find they continue to be unable to access their systems.

In the face of such attacks law firms need stronger cyber defences than most businesses adds Turner, saying ‘This might include segregating data across different departments, teams and individual clients.’

In a blog on Today’s Conveyancer, Brian Rogers of Access Group provides some useful insight and advice for firms on defending against, and dealing with, cyber attacks. Cyber attacks remain widespread and cause significant disruption to services, and reputation. A report by the National Cyber Security Centre in 2023 identified nearly three quarters of the UK’s top 100 law firms have been impacted by cyber-attacks. The same report identifies how in 2021 a city law firm reported that they had lost client data as a result of a cyber attack, wiping alomst 8% off its share value within the first hour of the statement.

In November 2023 Managed Service Provider (MSP) CTS was the victim of a cyber attack paralysing a number of law firms and causing huge disruption to property transactions up and down the UK. The reputational and financial damage forced CTS into administration earlier this when it was acquired by Bluecube (an Ekco Company).

Want to have your say? Leave a comment

Your email address will not be published. Required fields are marked *

Read more stories

Join nearly 3,000 other family practitioners - Check back daily for all the latest news, views, insights and best practice and sign up to our e-newsletter to receive our weekly round up every Thursday morning. 

You’ll receive the latest updates, analysis, and best practice straight to your inbox.

Features