Skip to main content

As the National Cyber Security Centre (NCSC) reports that almost 75% of the UK’s top-100 law firms have been affected by cyberattacks in 2023, PureCyber discusses the current cyber landscape for the legal sector, what the main threats look like and how legal firms can safeguard sensitive data.

For any organisation, data confidentiality is a critical element in their relationship with customers and clients. This is particularly true for the legal sector, which holds a vast amount of extremely sensitive data and information.

The current cyber landscape for the legal sector

The legal sector is a particularly attractive target for cyber criminals. This is primarily because of the significant amount of confidential information they hold; whether this financial, personal, or legal. This includes client records, case files, financial documents, and intellectual property. This data is a goldmine for cyber criminals who can use it for various malicious purposes, including identity theft, corporate espionage, or extortion.

One of the primary motivations for cybercriminals is financial gain, and the legal sector offers plenty of opportunities for this. In addition to the data they hold, many firms also handle significant financial transactions, making them attractive targets for cybercriminals looking to siphon funds through fraudulent wire transfers or by manipulating financial records.

Many law firms can find it challenging to adopt robust cybersecurity measures for several reasons, this unfortunately can make them an easy target for cyber criminals.

Some of the key issues we have recently identified are: outdated unpatched software, weak passwords and poor password management, data storage and back up issues, coupled with inadequate governance and employee training. The good news is with the right advice and support these vulnerabilities can be quickly and easily rectified without disruption or downtime.

Current trends highlight several ever-prevalent issues in the sector, such as:

Third Party & Supply Chain Vulnerabilities

Supply chain vulnerabilities in the legal sector represent a growing concern, as law firms increasingly depend on third-party vendors and suppliers to support various aspects of their operations.

Cybercriminals have recognised this dependency and have started targeting these suppliers as a potential entry point to gain unauthorised access to law firms’ networks and sensitive data. To mitigate this threat law firms should conduct thorough risk assessments of each supplier in their supply chain, including a review of security policies, procedures, and past security incidents.


Cybercriminals use spear phishing attacks to specifically target senior individuals within law firms, often masquerading as clients or colleagues. These attacks can lead to compromised email accounts, stolen credentials, invoice fraud or malware infections, which can be used to access sensitive information or launch further attacks.

The legal sector frequently deals with intellectual property matters, making it an appealing target for cybercriminals seeking to steal trade secrets, patents, or proprietary information. This stolen information can be sold on the dark web or used to gain a competitive advantage in the business world.

Companies should adopt layers of security to mitigate the risk and impact of a phishing attack, such as Active-Threat detection, mail filtering, access controls and cyber-awareness training for all levels of staff.

Rise of Ransomware and Ransomware as a Service

Ransomware remains a core threat for law firms. Increasing attacks in 2023 prompted the NCSC to issue a threat report in June. This revealed that nearly 75% of the UK’s top-100 law firms have been affected by cyberattacks in 2023. The report also highlighted the trend of hackers for hire and ransomware as a service. These are malicious actors who earn commission by carrying out cyber-attacks for clients, often to gain the upper hand in business dealing or legal pursuits.

In April this year Australian law firm HWL Ebsworth suffered a cyber-attack by the ransomware-as-a-service group ALPHV/Blackcat. The attackers accessed over 4TB’s of data including employee CV and ID’s, financial data, credit card information and client documentation. Just a month later, Bryan Cave Leighton Paisner, with 25 offices in the UK and worldwide, was hit with a significant cyber-attack which exposed potential victims’ first and surnames, social security numbers, addresses, dates of birth, marital statuses, gender and employee identification numbers, leaving the firm facing serious reputational, operational, and financial implications.

We recommend that all law firms invest in robust cybersecurity measures to build a cyber confident organisation. Some simple key steps that can be introduced include:

  • Regular User Awareness Training: Educate employees about cybersecurity best practices, including recognising phishing attempts and using strong passwords.
  • Advanced Authentication: Implement multi-factor authentication to add an additional layer of security to user and administrator accounts.
  • Access Control: Restrict and track the use of administration accounts in operating systems and applications.
  • Regular Vulnerability Scanning, Patching & Updates: Keep all software and systems up to date.
  • Back Ups: Regular secure backups are key such as, external hard drives or cloud solutions, but make sure these are only connected to your systems when backing up to ensure they are protected when not in use.
  • Governance: This helps you organisation understand, what data you have, where it is and who uses it, this will help you make informed decisions when it comes to IT, schemes such as Cyber Essentials and IASME cyber assured are great starting points leading to ISO27001.
  • Incident response planning: Good cyber security should include planning for disaster, when something happens you don’t want that to be the first time you have thought about

Securing the legal sector from these threats is paramount to protecting clients and sensitive data. Prevention is most certainly better than dealing with the implications of a cyber incident.

To maintain a secure cyber security posture, recognising vulnerabilities and implementing pro-active strategies such as the ones detailed above is essential in any firm.

To view PureCyber’s subscription options and explore how its cyber experts can help to protect your law firm, click here.

Emma Waddingham

Emma Waddingham

Editor, Legal News

Emma Waddingham is the Editor & Founder of Legal News. She is a seasoned legal editor and journalist and experienced marketing & events consultant, working almost exclusively with the UK legal sector.