How to prepare for evolving cybercrime threats
Law firms are prime targets for cybercriminals. With attacks increasing and AI-driven threats emerging, preparation is critical. Law Society partner Lloyds explains practical steps solicitors can take to protect client data and maintain trust.
Cybercrime has become a major business risk for law firms and the threat is increasing.
Attacks on UK firms jumped 77% in 2024, and one in five firms suffered a data breach in 2025, with nearly 40% of those incidents exposing sensitive client data.
The average cost of a data breach in 2024 for UK organisations was £3.58 million, so the stakes are high.
With law firms holding vast amounts of confidential information and facilitating high-value transactions, they are among the most attractive targets for cybercriminals.
Emerging technologies increase the threat. AI is being weaponised by attackers to create highly convincing phishing emails and to automate social engineering (manipulating people into committing fraud or handing over access) at scale.
This makes such attacks harder to detect than ever.
Generative AI enables attackers to create convincing personalised messages that bypass traditional detection.
These tactics, combined with ransomware and supply-chain compromises, can lead to significant financial impact and erode the trust of clients.
Head of resilience and security at Lloyds Business and Commercial Banking, Giles Taylor, says: “Having a robust cyber response plan to limit the impact to your clients and your organisation is imperative.”
Why law firms are targeted
Law firms are chosen by cybercriminals because they hold highly sensitive client and financial data, deal with large financial transactions and rely on confidentiality.
Digital systems and supplier connections create multiple entry points for fraudsters, making firms attractive targets for ransomware, data theft and extortion.
Phishing remains one of the top threats and attacks are becoming more sophisticated.
Phishing accounted for 85% of cybercrimes experienced by businesses in 2025, with cyber incidents doubling between 2024 and 2025.
Other major threats for law firms to be wary of include supply-chain attacks, business email compromise and AI-enabled social engineering.
The financial and reputational risks
The impact of a cyberattack is much greater than just financial loss.
Dealing with regulatory obligations, such as reporting breaches to the Information Commissioner’s Office (ICO) within 72 hours, can be costly and complex.
Disruption to operations, especially from ransomware, can put a stop to business, while reputational damage can impact client trust.
For law firms, trust is a currency and once it’s lost, it can be hard to regain.
Building resilience: strategies for defence and recovery
Here are five tips to prepare your response in the event of an attack:
1. Be cyber aware
Provide security education relevant to the roles in your organisation, from basic phishing training to detailed technical and risk management skills.
2. Understand which resources are critical for your firm to protect and to be able to recover
- Identify your most critical processes, systems, data and third parties
- Encrypt your important data and have offline back-ups
- Have contingency plans
- Gain assurance from your suppliers that they are following industry best practice (for example the UK Security Software Code of Practice)
3. Plan for incidents and recovery
- Develop and regularly test a cyber incident plan, including contact details, external cyber recovery partners and cyber insurance
- Ensure key stakeholders have a printed copy of the plan
4. Test, certify and gain assurance
- Consider security certifications through schemes like UK Cyber Essentials
- Proactively test the security of your organisation and address weaknesses
- Follow industry best practice from the National Cyber Security Centre (NCSC)
5. Manage financial resilience and risk transfer
- Have adequate working capital and cash flow to maintain operations and financial stability if cybercriminals strike
- Secure comprehensive cyber insurance (Lloyds offers cyber insurance options) to cover breach response, regulatory fines and business interruption
Recovery and resilience: beyond prevention
Resilience is about recovery and continuity rather than just defence.
After an attack, it’s critical to restore your organisation’s operations as quickly as possible.
This means having clear plans in place, pre-identified crisis teams and trusted partners on standby for legal, technical and insurance matters.
After the incident, make sure you conduct forensic analysis, cleanse recovered data and communicate transparently with clients and regulators.
Where to go from here
Some key ways to prepare can include:
- review your current resilience and recovery strategies
- engage with your critical suppliers and insurance partners
- invest in staff training and robust technical controls
- treat cyber resilience as a board-level, strategic priority
Cyberattacks on law firms have become inevitable. The firms that successfully defend themselves will be those that treat resilience as a strategic priority, not just an IT issue.
Your reputation and your clients depend on it, so start today.
Lloyds offers tailored support, including cyber insurance options.
For more information, take a look at the Lloyds website.
Partner information
Lloyds provides full, integrated and relationship-led financial services to over 1,500 legal firms in the UK. With a credible suite of tailored financial products and services and a comprehensive understanding of, and commitment to, the legal sector, it offers scale when you need it.
Important legal information
While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by Lloyds for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. Specific advice should always be sought in each instance.
Lloyds and Lloyds Bank are trading names of Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone: 0207 626 1500.
Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under Registration Number 119278.
Lloyds Bank plc is an introducer to Arthur J. Gallagher Insurance Brokers Limited who arrange and administer Lloyds Bank Business Insurance Services and source products from a panel of insurers.