UK legal sector at risk, National Cyber Security Centre warns

According to a recent report from the National Cyber Security Centre (NCSC), the legal industry is facing an increasing number of “ransomware attacks”

In the report, Lindy Cameron, CEO of the NCSC, explains that organizations in the legal sector constantly deal with large sums of money and highly sensitive information, making them an attractive target for cybercriminals.

Aivaras Vencevicius, head of product for NordLocker, said:

“Ransomware attacks have become more sophisticated in recent years, making it easier for cybercriminals to infiltrate and disrupt businesses’ operations and steal sensitive data. As a result, the legal industry has seen a significant rise in these types of attacks, with some firms falling prey to multiple attacks in a single year.”

According to recent research by NordLocker, in the last three years, when ransomware attacks have only intensified, companies in the legal industry have suffered more than 200 attacks worldwide. The UK was the second most-attacked country in the world (15 attacks).

While the number of attacks on the sector has decreased from the previous year, the legal industry still accounts for 2.3% of all ransomware attacks across various industries.

The USA saw the largest ransomware attacks in 2022, with 36 reported incidents. However, the UK followed just behind with seven attacks, making the legal sector the fourth most-attacked industry in the country in 2022.

No single type of company is attacked the most or not at all. Companies of all sizes are affected, whether it is a law firm with just ten employees or  as many as 1,000 employees.

Ransomware groups are also indiscriminate when it comes to targeting companies by revenue. In 2022, ransomware attacks targeted law firms with vastly different revenue streams, from companies generating £100 million to those with less than £3 million in revenue.

Aivaras Vencevicius added:

“Our experience shows a growing interest in cybersecurity in the legal industry. This is only natural because ransomware attacks are set to continue, and attack methods will become even more sophisticated. However, it also means that firms that do not take care of their cybersecurity will be even more vulnerable as the number of easy targets decreases.”

The NCSC report highlights the reasons why law firms are among the most vulnerable. First, law firms handle highly sensitive client information that may be valuable to criminal organizations.

Second, disruption to routine business operations can be costly. Third, time pressures associated with transactions create attractive conditions for phishing attacks. Finally, many legal practices rely on an external IT services provider.

According to Vencevicius, both small and large companies are susceptible to ransomware attacks, but for different reasons. Small companies often lack the necessary resources or prioritize cybersecurity measures, leaving them vulnerable to attacks.

Read more stories

Join nearly 5,000 other practitioners – sign up to our free newsletter

You’ll receive the latest updates, analysis, and best practice straight to your inbox.

Features