Data breaches in the UK legal sector have surged by 39% over the past year, with nearly 2,300 incidents reported, according to NetDocuments. Analysis of Information Commissioner’s Office (ICO) data by the enterprise content management firm shows that between Q3 2023 and Q2 2024, a total of 2,284 breaches were recorded, up from 1,633 in the previous year. These incidents exposed data belonging to 7.9 million individuals, equivalent to 12% of the UK population.
“At a time when the sector is continuing to digitalise, legal firms need to strike the right balance between keeping data secure, while still allowing their employees to collaborate and work productively,” said NetDocuments compliance vice president David Hansen.
The dual drivers of breaches
NetDocuments’ analysis highlights that external threats now account for half of all breaches reported in the legal sector, a 10% rise from the previous year. Phishing attacks, which make up 56% of external incidents, continue to be the most common external threat. These attacks are a growing concern, with attackers increasingly targeting legal firms due to the sensitive data they handle.
However, despite the rise in external breaches, insider threats remain prevalent. The other half of the breaches reported in the past year were attributed to internal sources. Within this category, human error is the largest contributor, accounting for 39% of all internal breaches. Common issues include failures to redact information, misusing email tools such as BCC (for example, putting a list of external recipients in To or Cc so that every address is visible to everyone else), or improperly altering data. Additionally, 37% of internal incidents involved sharing data with the wrong person, whether by email, post, or verbal communication. Only 2% of internal breaches were linked to the loss or theft of data, such as devices or physical paperwork.
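The two internal failure modes above, recipients left visible in To/Cc instead of BCC and mail sent to the wrong person, are both checkable before a message leaves the firm. The following is an added example, not code from NetDocuments or the ICO: a minimal pre-send check over an outbound message. The firm's internal domain, the threshold for "too many external recipients visible", and the per-matter list of expected recipient domains are all assumptions, and the sample messages are constructed.

```python
"""Pre-send checks for two common internal breach causes:
 1. mass-mailing with external recipients in To/Cc rather than Bcc
 2. sending a matter's correspondence to a recipient outside the
    domains expected for that matter (the "wrong recipient" case).
Added illustration; thresholds and domains are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from email.utils import getaddresses  # parses "Name <user@host>" lists

# Assumption: the firm's own domain(s). Internal addresses never trigger findings.
INTERNAL_DOMAINS = {"example-law.co.uk"}
# Assumption: more than this many external addresses visible in To/Cc
# means the sender should have used Bcc.
MAX_VISIBLE_EXTERNAL = 1


@dataclass
class OutboundMail:
    to: list[str]
    cc: list[str] = field(default_factory=list)
    bcc: list[str] = field(default_factory=list)
    # Domains this matter's correspondence is expected to go to (assumed
    # to come from the matter record). Empty set disables the check.
    expected_domains: set[str] = field(default_factory=set)


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address; empty if malformed."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _addresses(headers: list[str]) -> list[str]:
    """Bare addresses from a list of header values (display names stripped)."""
    return [addr for _name, addr in getaddresses(headers) if addr]


def check_message(msg: OutboundMail) -> list[str]:
    """Return human-readable findings; an empty list means the message passes."""
    findings: list[str] = []

    visible = _addresses(msg.to + msg.cc)
    external_visible = [a for a in visible if _domain(a) not in INTERNAL_DOMAINS]
    if len(external_visible) > MAX_VISIBLE_EXTERNAL:
        findings.append(
            f"BCC: {len(external_visible)} external recipients are visible to each "
            f"other in To/Cc; move them to Bcc"
        )

    if msg.expected_domains:
        expected = {d.lower() for d in msg.expected_domains}
        for addr in visible + _addresses(msg.bcc):
            dom = _domain(addr)
            if dom in INTERNAL_DOMAINS or dom in expected:
                continue
            findings.append(
                f"WRONG-RECIPIENT: {addr} is outside this matter's expected "
                f"domains {sorted(expected)}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample: three unrelated external parties in To -> BCC finding.
    bulk = OutboundMail(to=["a@clientco.com", "b@otherco.com", "c@thirdco.org"])
    # Constructed sample: Bcc recipient not on the matter -> wrong-recipient finding.
    stray = OutboundMail(to=["a@clientco.com"], bcc=["b@otherco.com"],
                         expected_domains={"clientco.com"})
    for m in (bulk, stray):
        for f in check_message(m):
            print(f)
```

The wrong-recipient rule deliberately allows internal colleagues without listing them per matter, and checks Bcc too, since a mistyped or autocompleted Bcc address leaks just as much as one in To. A real deployment would pull `expected_domains` from the matter-management system rather than from the message itself.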
The analysis further revealed that almost half of all data breaches, 44%, directly affected customers, while 18% involved employee data. The types of data compromised in these incidents varied. The largest share of breaches involved personal information at 42%, followed by economic and financial data at 13%, health data at 10%, and official documents at 10%.
In addition to the analysis of breaches in the legal sector, the ICO’s own data offers further insights into the broader landscape of data security in the UK. In Q3 2024, the ICO recorded 3,003 data incidents, marking an 11% increase compared to Q3 2023, when 2,713 incidents were reported. Notably, non-cyber incidents made up the majority of these cases, accounting for 77% of the total, while cyber incidents comprised 23%.
While the overall number of cyber incidents rose slightly by 2%, certain types of breaches saw significant increases. Hardware and software misconfigurations rose by 117%, while failures to redact sensitive data climbed by 68% compared to the previous year.
Among the most common incident types reported in Q3 2024, sending data to the wrong recipient remained a frequent issue, accounting for 17% of all incidents. Other significant causes included hardware and software misconfigurations, as well as unredacted data.
Despite the increase in cyber incidents, non-cyber breaches such as human error, misconfiguration, and failure to follow security protocols remain a consistent threat. NetDocuments found that 50% of all breaches reported in Q3 2024 involved the personal data of fewer than 10 people, a reminder that small, everyday mishandling of data is reportable and makes up a large part of the total.
Beyond the legal sector, broader trends in organisational accountability for data security are also emerging. In Ireland, a survey of 1,000 office workers conducted by Censuswide for IT.ie and SonicWall found that nearly three-quarters of respondents believe that their employers hold staff personally accountable for cybersecurity incidents. The research suggests that this “blame culture” could influence how cybersecurity is approached, highlighting the need for organisations to create environments where openness and collective responsibility are encouraged.