You are here:
  1. Home
  2. News
  3. Blog
  4. Are you the 65% or the 35%? 65% of law firms have been a victim of a cyber incident

Are you the 65% or the 35%? 65% of law firms have been a victim of a cyber incident

04 October 2017

In my last blog, I wrote about a train journey and the complacency shown by two commercial property solicitors chatting about their client in full earshot of everyone who might want to listen. The response was great, but the concerning message was that, as a sector, we are far too complacent about cybercrime. Unless we do something about it, and do it now, we will all continue to fall victim. It's just a matter of time.

Of course, theft isn't new; cybercrime just makes it that much easier. If I had wanted to steal your money 300 years ago, I would have been riding my trusty steed and holding up your stage coach with my pistols. 40 years ago, it would have been a sawn-off shotgun in your face and I'd be driving off in my Ford Granada with my swag bags stuffed with used fivers. Today, all I need to steal your money, your data and your identity is a device and a web connection, and I can do it from my spare bedroom, from the corner coffee shop, or indeed from my deckchair as I sit on the beach in the Maldives.

The extent of the threat is staggering

It was reported in August 2017 that identity theft has reached epidemic levels in the UK, with incidents running at almost 500 a day, according to the latest figures by Cifas (UK fraud prevention service). Firms holding personal data are more likely to be attacked, hello law firms, that's you.

The most common attacks are fraudulent emails, followed by viruses and malware. In the first six months of this year a record 89,000 cases of identity fraud were reported, typically involving criminals pretending to be an individual in order to steal their money, buy items or take out a loan or car insurance in their name. 53% of all UK fraud is online: 1.9 million offences. British citizens are 20 times more likely to be defrauded at their computer than held up in the street.

In the last eight years, more than 7.1 billion identities have been leaked worldwide because of company data breaches. There are 7.5 billion people on Earth, the majority of whom don't have internet access – so those of us that do have probably been hit several times over. If you haven't done so already, check if your email has been compromised. I check on a regular basis, and only last week found one of my email addresses was listed, so was immediately able to change my password. There's a funny and pointed Jimmy Kemel YouTube video which shows you how easy it is to crack passwords.

In April 2017 the government reported that nearly seven in ten large companies identified a breach or attack. LinkedIn, EE, National Lottery, BA, the NHS, TalkTalk, Deloitte, AA, Wonga and Equifax have all fallen victim, as have countless local authorities, high street retailers and charities and legal firms.

In the 2016 Crime Survey of England and Wales, fraud and computer misuse accounted for a total of 5.8 million crimes. Around 1.4 million people suffered a computer virus attack, with almost 650,000 reporting that their email or social media profile had been hacked. Anyone who thinks they may have been subject to online fraud or attempted fraud should report this to Action Fraud

The WannaCry ransomware attack that gripped the NHS in May spread worldwide in just a few hours. The attack had a disastrous effect on the NHS, and affected major corporate brands, government departments, universities and major infrastructure groups, including railways, airlines and telecoms. Over 250,000 computers in 150 countries were infected with the WannaCry virus and the criminals have been able to walk away with nearly $200,000. There is a fascinating and horrifying video on YouTube which shows how – and how quickly – the infection spread worldwide.

The legal sector: worrying complacency?

Every week, I'm reading about or talking to victims from the legal sector. A few months ago, I had the misfortune of interviewing several victims of cybercrime. The largest amount stolen was just under £1m, but the biggest impact was the £60,000 deposit that was taken from a single mum trying to get her life back together following a divorce. Logging on to a free wifi hotspot in an airport coffee shop was probably her biggest mistake, which eventually resulted in her being persuaded to send her deposit funds for her new flat to a different bank account than that of her solicitor.

With all the publicity around cybercrime, you'd have thought that complacency would have been eradicated. But last year, Cert-UK, the forerunner to the National Cyber Security Centre, published a report into the UK legal sector, which makes sobering reading. 65 per cent of firms have been a victim of a cyber incident, but despite the need to protect ourselves, 35 per cent of firms still do not have a cyber mitigation plan in place.

As for the insurance market, it is making money from our complacency. Swiss Re recently reported that the value of global cyber insurance premiums will almost quadruple in five years, from $10bn in 2015, to over $37.5bn by 2020. So either get your wallets open to pay increasing insurance premiums, or take action now.

Think cyberdefense, not just cybersecurity

Complacency is no longer an excuse, as there are so many resources available to ensure that you, your firm and your clients can at the very least mitigate the threat of cybercrime.

The National Cyber Security Centre has some great resources

The continually changing threat environment means ever more needs to be done to detect, prepare for, and adapt to potentially malicious activity. You've been warned: it's not only me that's watching you.

Find out more about cybercrime and our support and guidance

Explore our cybersecurity partnerships

Cyber Essentials is a Government-backed, industry-supported scheme

Watch live cyberattacks as they happen

Tags: security | cyber security

About the author

Graham Murphy is product manager for the Law Society’s Conveyancing Quality Scheme 

  • Share this page:

Adam Johnson | Adele Edwin-Lamerton | Ahmed Aydeed | Alex Barr | Alex Heshmaty | Alexa Lemzy | Alexandra Cardenas | Amanda Adeola | Amanda Carpenter | Amanda Jardine Viner | Amy Bell | Amy Heading | an anonymous sole practitioner | Andrew Kidd | Andrew McWhir | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Morris | Anne Waldron | anonymous female solicitor | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bhavisha Mistry | Bob Nightingale | Bridget Garrood | Caroline Marlow | Caroline Roddis | Caroline Sorbier | Carolyn Pepper | Catherine Dixon | Chris Claxton-Shirley | Christina Blacklaws | Ciaran Fenton | CV Library | Daniel Matchett | Daphne Perry | David Gilroy | David Yeoward | Douglas McPherson | Duncan Wood | Elijah Granet | Elizabeth Rimmer | Emily Miller | Emily Powell | Emma Maule | Floyd Porter | Gary Richards | Gary Rycroft | Graham Murphy | Gustavo Bussmann | Hayley Stewart | Hilda-Georgina Kwafo-Akoto | Ignasi Guardans | James Castro Edwards | Jane Cassell | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Fisher | Jonathan Smithers | Jonathon Bray | Julian Hall | Julie Ashdown | Julie Nicholds | June Venters | Justin Rourke | Karen Jackson | Kate Adam | Katherine Cousins | Kaweh Beheshtizadeh | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Hood | Kevin Poulter | Larry Cattle | Laura Bee | Laura Devine | Laura Uberoi | Leah Glover and Julie Ashdown | Leanne Yendell | Lee Moore | LHS Solicitors | Linden Thomas | Lucy Parker | Maria Shahid | Marjorie Creek | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Mary Doyle | Matt Oliver | Matthew Still | Max Rossiter | Melissa Hardee | Michael Henson-Webb | Neil Ford | Nick Denys | Nick O'Neill | Nick Podd | Nikki Alderson | Oz Alashe | Patrick Wolfe | Paul Rogerson | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Prof Sylvie Delacroix | Rachel Brushfield | Rafie Faruq | Ranjit Uppal | Ravi Naik | Remy Mohamed | Richard Collier | Richard Coulthard | Richard Heinrich | Richard Mabey | Richard Messingham | Richard Miller | Richard Roberts | Rita Gupta | Rob Cope | Robert Bourns | Robin Charrot | Rosa Coleman | Rosy Rourke | Sachin Nair | Saida Bello | Sally Azarmi | Sally Woolston | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Shirin Marker | Siddique Patel | Simon Day | Sofia Olhede | Sonia Aman | Sophia Adams Bhatti | Sophie O'Neill-Hanson | Steve Deutsch | Steve Thompson | Stuart Poole-Robb | Sue James | Susan Kench | Suzanne Gallagher | The Law Society Digital and Brand team | Tom Chapman | Tom Ellen | Tony Roe | Tracey Calvert | Umar Kankiya | Vanessa Friend | Vicki Butler | Vidisha Joshi | William Li | William McSweeney