Hub - Security

15th May 2019

“We’ve never been hit by a cyber attack, why do we need additional security measures?”

It’s tempting to think that because your law firm hasn’t felt the full impact of a cyber attack, you’re not at risk, especially if you’ve already invested in security. But the threat landscape is changing, and there are many reasons to review the measures your firm has in place.


1. Every time you look, the threat gets bigger

60% of law firms reported an information security incident last year, a 20% increase on the year before according to a report released by the UK’s National Cyber Security Centre (NCSC). It’s practically impossible to avoid being hacked in some way at some time. The threat isn’t only increasing, it’s also evolving and diversifying.

Law firms are prime targets for hackers because of the amount of sensitive information they hold. A 2018 survey by BDO reported that cyber security was becoming the sector’s number one investment area, indicating that firms are alert to the issue.


2. Clients are becoming more security conscious

Corporate clients in particular are increasingly concerned with how law firms are handling their sensitive data and are looking for assurance. 72% of law firms reported that they’re seeing an increase in the number of clients requesting a security audit, according to the 2018 Legal IT Landscapes Survey conducted by Briefing magazine.

Law firms who can demonstrate advanced security capabilities, over and above their clients’ basic expectations, gain a significant competitive advantage.


3. Breaches are more costly, as well as more likely

According to a Ponemon survey published in 2018, the average cost incurred by a law firm for every lost or stolen record is now £137. And of course any data breach will multiply that cost by thousands.

Factoring in the cost of crisis management, stakeholder notification, legal expenditure, potential fines and loss of business, it’s easy to understand how the financial impact can be much greater than firms may initially expect.


4. Compliance: it’s getting harder to achieve it and costlier to fail

Legal is one of the most highly regulated sectors, and the ICO and SRA are becoming more exacting about cyber security. They are also taking an increasingly hardline stance against firms that fail to comply.

A law firm’s reputation is hard to earn and easy to lose with a single data breach. And since the advent of GDPR, firms are obliged to inform the ICO and those affected in the event of a breach. The latest security technology can help to minimise reputational damage by precisely identifying compromised data. As a result, you only have to notify those directly affected, rather than every client and stakeholder.


5. Agile working multiplies your vulnerabilities

The benefits of smart or agile working, whereby staff are empowered to work from anywhere, are being realised by law firms. And whilst the benefits are significant, mobile working was correctly identified by respondents to a recent LPM magazine survey of law firms as one of the more dangerous threat vectors when it comes to data breaches and information security. The proliferation of cloud services, Bring Your Own Device and remote working means that the latest threats now have an even wider surface to compromise your firm.

The task of managing and maintaining new technologies alongside legacy systems only complicates the problem and helps to tip the odds further in attackers’ favour. Hackers need to find only one flaw whereas your firm needs to protect against them all. Against new attack vectors capable of bypassing traditional perimeter security, being able to detect and respond to malicious activity inside your network is vital.


Cybersecurity has never been more critically important for law firms. Discover how our integrated and proactive approach with exceptional threat intelligence can keep you ahead of cyber criminals.

The latest from CTS