View all newsletters
Have the short, sharp Spear's newsletter delivered to your inbox each week
  1. Law
February 25, 2024

Cyber attacks on UK law firms on the rise

By Stephanie Bridger-Linning

The number of UK law firms falling victim to cyber-attacks is on the rise. 

A total of 226 firms were targeted in the year from September 2022-23, compared to 166 from 2021-22, according to global specialty (re)insurance group Chaucer. 

A separate study by the National Cyber Security Centre notes that almost 75 per cent of the UK’s leading 100 law firms have been impacted.

[See also: How should UHNWs protect against the risks of AI?]

Among them was Magic Circle firm Allen and Overy, which confirmed in November 2023 that it had suffered a ‘data incident impacting a small number of storage servers’. Well-known cybercriminal group LockBit later claimed responsibility. 

Ben Marsh, deputy class underwriter at Chaucer, explains law firms are attractive targets as hackers believe law firms are particularly vulnerable due to the often extremely sensitive nature of the client information with which they are entrusted. 

‘Hackers expect that law firms will pay them to either unlock data they encrypt in ransomware attacks or pay “blackmail” in exchange for the hackers not publishing the law firm’s stolen data online,’ he says.

[See also: Why HNWs must act now to fight the rise of disinformation]

Content from our partners
HSBC Global Private Banking: Revisiting your wealth plan as uncertainty abounds
Proposed non-dom changes put HNW global mobility in the spotlight
Meet the females leading in the FTSE

David Allison, founder of Octaga Security Services, agrees law firms present a unique opportunity for this class of criminal. He explains law firms might present a unique opportunity for cyber-criminals. ‘It could be a number of factors including trying to retrieve vital information that is needed for cases – either large corporate cases or against criminal gangs – that both groups would pay significantly to stop,’ he tells Spear’s.  

Allison notes cyber attacks on law firms is a well-known niche within the cyber security industry – and fears incidents will only become more frequent.

To counteract this increased threat, law firms are investing more in cyber defences. 

Marsh observes they are paying more attention to ‘basic data protection hygiene’ such as ‘segregating data across different departments, teams and individual clients.’ He adds: ‘However, it is still quite common for a law firm to suffer a data breach through a phishing attack. 

Select and enter your email address The short, sharp email newsletter from Spear’s
  • Business owner/co-owner
  • CEO
  • COO
  • CFO
  • CTO
  • Chairperson
  • Non-Exec Director
  • Other C-Suite
  • Managing Director
  • President/Partner
  • Senior Executive/SVP or Corporate VP or equivalent
  • Director or equivalent
  • Group or Senior Manager
  • Head of Department/Function
  • Manager
  • Non-manager
  • Retired
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
Thank you

Thanks for subscribing.

Websites in our network