February 7, 2024

Why Law Firms and the Legal Sector are such an attractive target for Cyber Criminals - and what to do about it

The legal sector handles highly sensitive information and controls huge sums of money on behalf of major businesses and individual clients alike - which makes it a very attractive target for cyber criminals!


Why is cyber security such an issue for law firms?


Much of this information is highly personal and confidential in nature - exactly the type of information that GDPR and other regulations are designed to protect, and exactly why it is so valuable to cyber criminals. From small individual solicitors' practices and high-street partnerships to well known regional and national firms, law firms are a magnet for cyber criminals.

There are some good reasons for this.

Large Money Transfers - often under time pressure

Conveyancing deals often complete at short notice and involve huge money transfers - perfect opportunities for Business Email Compromise attacks.

Law firms frequently handle large sums of clients' money.

Importantly, this money is often 'passing through' between different parties, so there can be a large number of very high-value transactions, sometimes under high pressure and to tight deadlines. Much of the communication between parties, including payment instructions, is done by email, which is not a secure channel: a sender address can be spoofed or registered on a lookalike domain, and a mailbox that has been compromised can send altered bank details that look entirely genuine.

Intercepting and redirecting money transfers is a core skill for any self-respecting criminal.
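The kind of check that catches a redirected payment instruction before funds are released, as an added example that is not code from the original article or from Precursor Security: a small Python script that scores an email for the three classic Business Email Compromise indicators (a Reply-To that silently diverts replies to another domain, a sender or reply domain one or two characters away from a known counterparty, and wording that asks for money to go to a new account). The trusted-domain list, the phrase list and both sample messages are constructed for the example and are not real correspondence.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional

# Assumption: the firm keeps a list of counterparty domains it legitimately
# exchanges payment instructions with. These are constructed example domains.
TRUSTED_DOMAINS = {"example-conveyancing.co.uk", "example-bank.co.uk"}

# Phrases that commonly accompany a fraudulent change of payment destination.
BANK_CHANGE_PHRASES = ("new account", "changed our bank", "updated bank details",
                       "sort code", "pay into")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def domain_of(header_value: Optional[str]) -> str:
    """Extract the lower-cased domain from a From/Reply-To header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates (within 2 edits), or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def bec_indicators(raw_message: str) -> List[str]:
    """Return human-readable indicators that a plain-text email may be a BEC attempt."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    found = []

    # 1. Replies silently diverted to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        found.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 2. Either address uses a domain one or two characters away from a known counterparty.
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        imitated = lookalike_of(dom)
        if imitated:
            found.append(f"{label} domain {dom} looks like trusted domain {imitated}")

    # 3. Body asks for funds to go somewhere new (checked on plain-text messages only).
    body = msg.get_payload() if not msg.is_multipart() else ""
    phrases = [p for p in BANK_CHANGE_PHRASES if p in body.lower()]
    if phrases:
        found.append("payment-change language: " + ", ".join(phrases))
    return found


# Constructed sample messages (not real correspondence).
SUSPICIOUS = """\
From: "Jane Smith" <jane.smith@example-conveyancing.co.uk>
Reply-To: jane.smith@examp1e-conveyancing.co.uk
Subject: Completion funds - updated bank details
Content-Type: text/plain

We have changed our bank. Please pay into the new account below before 2pm today.
Sort code 00-00-00, account 12345678.
"""

LEGITIMATE = """\
From: "Jane Smith" <jane.smith@example-conveyancing.co.uk>
Subject: Completion funds
Content-Type: text/plain

Funds received with thanks. Completion confirmed for 2pm today.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, "->", bec_indicators(raw) or ["no indicators"])
```

The suspicious message trips all three checks: the Reply-To domain differs from the From domain, that Reply-To domain is one character (an "l" swapped for a "1") away from the trusted conveyancer, and the body carries new-account wording. Heuristics like this belong at the mail gateway or in a pre-payment review step; they reduce the number of fraudulent instructions that reach a fee earner, but they do not replace the control that actually stops the loss, which is confirming any change of bank details by telephone on a number already held on file, never one taken from the email.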

“Better to ask when, not if, you will be targeted by online criminals.”

- SRA Chief Executive

Personally Identifiable Information and Confidential Business Details.

GDPR and other legislation means that law firms have legal, as well as ethical, obligations to protect their clients' information.

Legal transactions of all types, from conveyancing to court proceedings, often require large volumes of highly sensitive, confidential and personally identifiable information to be transmitted, stored and exchanged.

Such information is a valuable currency in its own right to criminals and so must be protected at every stage and every move. This is an area where law firms must consider secure transaction and document management solutions.

Law Firms hold a position of Trust.

Whether by email or cloud services, legal firms often find themselves as the communication hub between multiple clients and service providers - and hold a unique position of trust.

Many different people are expecting to receive and open documents from the firm, any one of which might have been tampered with or carry malware. Recipients won't think twice before clicking to open a document from their solicitor or legal adviser, so a compromised law firm mailbox is a ready-made delivery channel. Communications from law firms must therefore be even more secure than in many other industries.

A client's email is not under your control

For many legal businesses, a large proportion of high-value, time-critical transactions are carried out with often inexperienced home users, over mailboxes and devices whose security the firm cannot see or control. That is a real threat that has to be addressed, because the attacker only needs to compromise one end of the conversation.

Why should you worry about cyber security for your law firm?

Many in the legal sector ask why they should worry about cyber attack. Either they are “too small to be a target” or “too large and well protected to be impacted”. Of course neither is true.

I’m too small to be a target.

There are two reasons why this is not true. Firstly criminals have realised that smaller companies with limited security teams and budgets are actually easier targets and can be just as profitable.

The second reason is the increased automation of cyber attacks. Just as with many industries, not least the legal sector itself, automation makes it possible to reach many more customers with individually targeted services.

Cyber crime is no different. An automated vulnerability scanner doesn't care how small you are - it just finds a weakness and records it. Typically this access to your environment, whether it is a set of stolen credentials or an exploitable software vulnerability, is then sold on to other criminals. These specialists might then launch a largely automated ransomware attack.

Their investment of a few keystrokes might wipe out your entire investment in your company overnight.

We’re too big to be breached.

No organisation is too big or too small to be breached. The difference might only be in the level and sophistication of the attack and in the amount of the resulting ransom the criminals demand. Of course larger firms have dedicated security staff and increased budgets and so may be a more challenging target - but they are most likely protecting larger clients and able to pay significantly higher ‘recovery fees’. And the automated tools still scan you, no matter how large or complex you are.

At some point a phishing email will get through. A single compromised account has been known to bring down an entire infrastructure.

So what might it cost you?

The SRA and the Law Society both say that the wider impact of a breach is often far more significant than the cost of the ransom demand itself. There are many possible costs of a successful cyber breach.

  • Money - both in terms of ransom payments and direct loss of stolen funds
  • Reputation - possibly the most damaging loss of all is the loss of client trust
  • Time - loss of billable hours and staff time dealing with a breach can run into weeks and longer
  • Insurance Premiums - as with most insurance, paying out usually means paying more
  • Regulatory Penalties - various bodies have the power to levy fines on top of the immediate costs
  • Stress and Pressure - to partners and staff alike. Don’t underestimate the impact of crime on people

A case study of a data breach of a national law firm.

In March 2022, the Information Commissioner's Office (ICO) fined a national firm of solicitors £98,000 under GDPR legislation following a significant breach of client data.

The important thing to note is that they were not fined for the loss of the data itself. The fine related to their lack of adequate controls over that data, including:

  • using only simple password sign in without MFA
  • no encryption of sensitive data
  • having out-of-date systems with known vulnerabilities


What can you do about it?

You are not alone. There are many associations and industry bodies worrying about these issues. From the Law Society to the Solicitors Regulation Authority, there is a wealth of guidance.

Check out our dedicated page for the Legal Sector for more details and useful links and questions.



Written by

Precursor Security
