Sharp increase in money stolen through legal sector cyber security breaches

Updated: Jan 25, 2021

A survey from the government’s Department for Digital, Culture, Media and Sport (DCMS) reported that in the first half of 2020, nearly £2.5m of client money had been stolen from legal firms by cybercriminals. This is more than three times the amount reported in the first half of 2019.

Considering legal firms hold valuable and often sensitive data, as well as sizeable amounts of money, they may be more likely to be targeted by cyber attacks than other kinds of businesses. While working from home, your IT systems may be less secure and cyber criminals will be on the lookout for weaknesses.

The main threats facing such organisations include:

· Ransomware

· Phishing

· Cloud services

· Vulnerability scanning

Ransomware is malicious software that staff may accidentally install when they click on a fraudulent link in an email, text or social media message. Criminals may then demand a ransom in exchange for releasing the firm’s systems from their control. This can cost organisations huge sums of money.

But it’s not just the cash. The DCMS point out that hundreds of hours of work can be lost when a cyber attack stops staff from being able to use their computers or access their files. The time lost would not be covered by insurance in the way that a monetary ransom might be.

See our resources page to find out what you can do to protect against ransomware.

Phishing refers to those links that members of your firm may click on without realising their danger. The best way to protect against this is to educate your staff. As part of our NEBRC membership packages, we deliver staff awareness sessions as the first line of defence against what could be a very costly mistake.

Since the move to working from home, most legal firms will be making use of cloud services. The National Cyber Security Centre (NCSC) has easy-to-follow guidance on securing storage of this kind on their website. We also share tips for organisations in our resources area.

Vulnerability scanning involves getting cyber security experts to review your systems and identify any weaknesses which criminals could exploit. As part of our NEBRC membership, we can arrange for our ethical hackers to put your IT to the test. Spotting where your software needs patching or where your storage is vulnerable now could avert a cyber crisis later.

At a time when cyber attacks on the legal sector are especially prevalent, please reach out to us for support to save you the stress and costs of being targeted.