
20th July 2022

Top Three Cyber Security Threats to Law Firms According to the SRA

As a result of our new hybrid working way of life, all of us have become extremely dependent on technology – a fact that has not gone unnoticed by cyber criminals, who are increasingly taking advantage of this reliance to steal confidential data and information. Undoubtedly, cyber security is more important than ever.

The Solicitors Regulation Authority (SRA) released its 2022 Risk Outlook report at the beginning of June. The report explores the key types of cyber security threat currently affecting the legal market, and the methods of protection that law firms and barristers’ chambers should be factoring into their cyber security strategy.


Phishing

Although phishing attacks can be launched through several different channels, including text messages and social media messages, the SRA found that 80% of all cybercrimes reported to them in 2021 were phishing attacks involving email. Successful attacks can install malware, corrupt systems, or result in data, information or money being stolen.

In 2021, approximately 320 billion emails were sent and received per day, and this number is expected to rise to 375 billion by 2025, so it is no surprise that cyber criminals are using this format to conduct their attacks, reaching millions of users every day. 

The SRA expects that, as law firms place more focus on their IT systems, voice-based phishing, or vishing, will become more prominent as threat actors look for ways to target the legal sector that firms might not suspect or be prepared for.


Ransomware

Ransomware is malicious software that encrypts a user or organisation’s data, leaving them unable to access files, applications or systems until a monetary ransom is paid.

These attacks, most commonly deployed via phishing emails, are specifically designed to spread quickly, affecting all devices on your network and rendering your systems and sensitive data completely useless. For law firms that are fully online and have a heavy dependence on IT to operate, ransomware attacks can be particularly debilitating.

Ransomware attacks are ever-evolving, and it is predicted that they will continue to increase in sophistication, even to the point of becoming fully automated and simply attacking any target with suitable weaknesses.

Third-Party Attacks

As the legal sector works to improve its cyber security posture, and firms therefore become harder targets, cyber criminals are looking at other, indirect ways to attack. With more and more law firms adopting a hybrid working model, they are now more reliant than ever on technology, which is presumed to be a key driver in the increasing trend of law firms being affected by attacks carried out on third parties, such as their application or cloud providers.

Third-party attacks may be direct, where a threat actor compromises the third party in order to gain access to their intended target, or indirect, with threat actors harming both the vendor and its clients.

Law firms deal with highly sensitive information, which means the case for protecting client data has never been greater. The risks of a breach are very serious and very real. 

Firms recognise that investment in cyber protection is critical, but many security solutions can be expensive to implement and complicated to manage. Our specialists are here to advise on how to design a cost-effective strategy that protects your firm, along with providing guidance on meeting your compliance objectives. 

Contact us today to learn more about our cyber protection solutions, which are specifically shaped for law. 
