You are here:
  1. Home
  2. News
  3. Blog
  4. Are you the 65% or the 35%? 65% of law firms have been a victim of a cyber incident

Are you the 65% or the 35%? 65% of law firms have been a victim of a cyber incident

04 October 2017

In my last blog, I wrote about a train journey and the complacency shown by two commercial property solicitors chatting about their client in full earshot of everyone who might want to listen. The response was great, but the concerning message was that, as a sector, we are far too complacent about cybercrime. Unless we do something about it, and do it now, we will all continue to fall victim. It's just a matter of time.


Of course, theft isn't new; cybercrime just makes it that much easier. If I had wanted to steal your money 300 years ago, I would have been riding my trusty steed and holding up your stage coach with my pistols. 40 years ago, it would have been a sawn-off shotgun in your face and I'd be driving off in my Ford Granada with my swag bags stuffed with used fivers. Today, all I need to steal your money, your data and your identity is a device and a web connection, and I can do it from my spare bedroom, from the corner coffee shop, or indeed from my deckchair as I sit on the beach in the Maldives.

The extent of the threat is staggering

It was reported in August 2017 that identity theft has reached epidemic levels in the UK, with incidents running at almost 500 a day, according to the latest figures by Cifas (UK fraud prevention service). Firms holding personal data are more likely to be attacked, hello law firms, that's you.

The most common attacks are fraudulent emails, followed by viruses and malware. In the first six months of this year a record 89,000 cases of identity fraud were reported, typically involving criminals pretending to be an individual in order to steal their money, buy items or take out a loan or car insurance in their name. 53% of all UK fraud is online: 1.9 million offences. British citizens are 20 times more likely to be defrauded at their computer than held up in the street.

In the last eight years, more than 7.1 billion identities have been leaked worldwide because of company data breaches. There are 7.5 billion people on Earth, the majority of whom don't have internet access – so those of us that do have probably been hit several times over. If you haven't done so already, check if your email has been compromised. I check on a regular basis, and only last week found one of my email addresses was listed, so was immediately able to change my password. There's a funny and pointed Jimmy Kemel YouTube video which shows you how easy it is to crack passwords.

In April 2017 the government reported that nearly seven in ten large companies identified a breach or attack. LinkedIn, EE, National Lottery, BA, the NHS, TalkTalk, Deloitte, AA, Wonga and Equifax have all fallen victim, as have countless local authorities, high street retailers and charities and legal firms.

In the 2016 Crime Survey of England and Wales, fraud and computer misuse accounted for a total of 5.8 million crimes. Around 1.4 million people suffered a computer virus attack, with almost 650,000 reporting that their email or social media profile had been hacked. Anyone who thinks they may have been subject to online fraud or attempted fraud should report this to Action Fraud

The WannaCry ransomware attack that gripped the NHS in May spread worldwide in just a few hours. The attack had a disastrous effect on the NHS, and affected major corporate brands, government departments, universities and major infrastructure groups, including railways, airlines and telecoms. Over 250,000 computers in 150 countries were infected with the WannaCry virus and the criminals have been able to walk away with nearly $200,000. There is a fascinating and horrifying video on YouTube which shows how – and how quickly – the infection spread worldwide.

The legal sector: worrying complacency?

Every week, I'm reading about or talking to victims from the legal sector. A few months ago, I had the misfortune of interviewing several victims of cybercrime. The largest amount stolen was just under £1m, but the biggest impact was the £60,000 deposit that was taken from a single mum trying to get her life back together following a divorce. Logging on to a free wifi hotspot in an airport coffee shop was probably her biggest mistake, which eventually resulted in her being persuaded to send her deposit funds for her new flat to a different bank account than that of her solicitor.

With all the publicity around cybercrime, you'd have thought that complacency would have been eradicated. But last year, Cert-UK, the forerunner to the National Cyber Security Centre, published a report into the UK legal sector, which makes sobering reading. 65 per cent of firms have been a victim of a cyber incident, but despite the need to protect ourselves, 35 per cent of firms still do not have a cyber mitigation plan in place.

As for the insurance market, it is making money from our complacency. Swiss Re recently reported that the value of global cyber insurance premiums will almost quadruple in five years, from $10bn in 2015, to over $37.5bn by 2020. So either get your wallets open to pay increasing insurance premiums, or take action now.

Think cyberdefense, not just cybersecurity

Complacency is no longer an excuse, as there are so many resources available to ensure that you, your firm and your clients can at the very least mitigate the threat of cybercrime.

The National Cyber Security Centre has some great resources

The continually changing threat environment means ever more needs to be done to detect, prepare for, and adapt to potentially malicious activity. You've been warned: it's not only me that's watching you.

Find out more about cybercrime and our support and guidance

Explore our cybersecurity partnerships

Cyber Essentials is a Government-backed, industry-supported scheme

Watch live cyberattacks as they happen

Tags: security | cyber security

About the author

Graham Murphy is product manager for the Law Society’s Conveyancing Quality Scheme 

  • Share this page:
Authors

Adam Johnson | Adele Edwin-Lamerton | Alex Barr | Alex Heshmaty | Alexandra Cardenas | Amanda Carpenter | Amanda Jardine Viner | Amy Heading | Andrew Kidd | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Waldron | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Ben Hollom | Bob Nightingale | Caroline Roddis | Caroline Sorbier | Catherine Dixon | Ciaran Fenton | David Gilroy | David Yeoward | Douglas McPherson | Dr Sylvie Delacroix | Duncan Wood | Eduardo Reyes | Elizabeth Rimmer | Emily Miller | Emma Maule | Gary Richards | Gary Rycroft | Graham Murphy | Hayley Stewart | Ignasi Guardans | James Castro Edwards | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Smithers | Julian Hall | Julie Ashdown | Julie Nicholds | Karen Jackson | Kate Adam | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Poulter | Larry Cattle | Laura Devine | Leah Glover and Julie Ashdown | LHS Solicitors | Lucy Parker | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Matthew Still | Meena Toor | Melissa Hardee | Neil Ford | Nick Denys | Nick Podd | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Rachel Brushfield | Ranjit Uppal | Richard Coulthard | Richard Heinrich | Richard Messingham | Richard Miller | Richard Roberts | Rita Oscar | Rob Cope | Robert Bourns | Robin Charrot | Rosy Rourke | Saida Bello | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Sophia Adams Bhatti | Steve Deutsch | Steve Deutsche | Stuart Poole-Robb | Susan Kench | Suzanne Gallagher | Tom Ellen | Tony Roe Solicitors | Vanessa Friend

Tags

access to justice | anti-money laundering | apprenticeships | archive | artificial intelligence | Autumn Statement | bid process | brand | Brexit | British Bill of Rights | Budget | business | careers | centenary | charity | city | communication | Conservatives | conveyancing | court closures | court fees | courts | CPD | criminal legal aid | cyber security | David Cameron | development | Diversity Access Scheme | diversity and inclusion | education and training | elderly people | emotional resilience | employment law | equality | European Union | Excellence Awards | finance | George Osborne | human rights | human trafficking | immigration | in-house | International Womens Day | Investigatory Powers Bill | IT | Jeremy Corbyn | justice | knowledge management | Labour | law management | Law Society | leadership | legal aid | legal professional privilege | LGBT | Liberal Democrats | library | Liz Truss | Magna Carta | mass data retention | mediation | members | mention | mentoring | merger | modern slavery | morale | National Pro Bono Week | Parliament | party conferences | personal injury | Pii | politics | president | pro bono | productivity | professional indemnity insurance | represent | retweet | risk | rule of law | security | social media | social mobility | SRA | staff | strategy | stress | talent | tax | tax credits | team | technology | Theresa May | Time capture | training | Twitter | UKIP | value proposition | website | wellbeing | Westminster weekly update | wills