A quarter of law firms have been hit by cyber-attacks or fraud within the last year.
The data was delivered as part of the NatWest 2017 Legal Benchmarking Report, and was drawn from 269 law firms that have a total income of up to £1.42 billion. These firms employ 16,000 people based in England, Scotland and Wales.
Regionally there was a distinct variation in the UK, as the North East and North West contained 37% of the firms targeted and affected by a cyber adversary, while only 9% Scottish firms were breached or hit with fraud.
This stands as another serious example of why firms must look towards implementing forward thinking plans to maintain control and vigilance amid the constant risks posed by the current cyber threat landscape.
Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu: “It’s sad to see that law firms are falling victim to cyber-attacks so frequently, particularly since the data they hold could leave the clients they serve incredibly vulnerable to fraud. As the technical capabilities of cyber-criminals continue to outpace the UK’s ability to deal with cyber threats, it’s obvious that more needs to be done to protect organisations.
With a focus on the severity of the matter, Steven Malone, Director of Security Management, Mimecast said: “Our research reveals that 20% of UK organisations have experienced impersonation attacks from their legal departments last year. These involve hackers falsely assuming the identity of high level people within an organisation.”
Awareness of cyber security appears to be spreading slowly, with top firms and well established companies still not enforcing a structured cyber security plan. Whole industries and businesses will either have to learn and work quickly on a security strategy, or learn the hard way.
John Madelin, CEO at Reliance acsn said: “On the flip side for some time now the security industry has lacked conviction, and has fundamentally failed to educate organisations in how to manage their security holistically. It’s about using the right technology and process which includes proper alerting and alarming, but also active hunting for cybercrime. The fact is until cyber-crime is taken seriously we’re going to be fighting an uphill battle.”