Cyber security in the UK legal sector: how can UK law practices protect themselves in 2023?
The UK legal sector has been warned of growing cyber security threats, with the Government urging increased and modernised defences. Following the release of the National Cyber Security Centre (NCSC)’s Cyber Threat Update for 2023, it is now clear that law practices and legal departments across the country are facing a widening range of targeted cyber attacks without adequate cyber security measures in place. How can the UK legal sector better arm itself to protect the valuable data and sensitive client information in its possession? As the cyber landscape continually evolves, improvements need to be made fast.
Why is the UK legal sector a target for cyber attacks?
Analysts for the NCSC’s update found that 32% of UK businesses, including those in the legal sector, were victims of identified cyber attacks. The legal sector forms a large part of the UK’s economy, with an estimated total revenue of £43.9 billion for this year from over 32,900 registered enterprises. As an industry that regularly handles large volumes of highly sensitive information, which is evidently worth a lot of money, the legal sector is a target for all types of cybercriminals.
What are the main types of cyber attacks that the UK legal sector faces?
- Phishing
Phishing is a way of harvesting sensitive or protected data through unsolicited inbound contact. Criminals create scam emails, text messages, social media comments, website pages and forms, and/or phone calls to entice victims into volunteering information that will help the criminal infiltrate a data system. Usually, the criminal seeks common login details such as passwords, PIN codes, email addresses, phone numbers and secret answers, so that they can bypass security controls and access a system without being flagged as suspicious activity.
- Business email compromise
Business email compromise (BEC) is more detailed and target-specific than phishing. The criminal crafts a scam campaign of communications designed for a particular stakeholder in an organisation, usually a senior executive or budget holder, to trick them into wilfully disclosing sensitive information. BEC is more likely to bypass email spam filters, because criminals use legitimate email accounts and make less use of suspicious attachments or links.
- Malware
Malware is short for ‘malicious software’ and describes software that compromises an individual’s or company’s system. The malware often encrypts all data found on the system so that it cannot be used, or blocks all user access so that the criminal can steal the data. Victims may receive communications from the criminal, often a payment request, in order to regain access to their system, though UK law enforcement strongly discourages victims from making payments to cybercriminals. Common types of malware are:
- Adware (false, intrusive adverts that interfere with internet use or attempt to scam the user)
- Viruses (malicious code that corrupts files and applications on a system)
- Trojans (malware disguised as another legitimate software product for download)
- Spyware (programs that run in the background and allow criminals to observe live user behaviour)
- Bots (interactive malware that can create commands or trigger processes on a system independent of the user)
- Password attacks
Password attacks cover any misuse of passwords to gain access to an IT system. This includes the criminal using an ill-gotten password obtained through phishing or BEC, or using an algorithm to work out likely passwords for one or more accounts. To make this attack less effective, organisations should implement policies against sharing passwords, reusing passwords across different applications and systems, and creating weak passwords. The organisation should also encourage good practices such as using two-factor authentication and user inactivity timeouts.
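The policy points above (no weak passwords, no reuse, idle sessions time out) can be enforced at the point where a user sets a password or uses a session. The following is an added example, not code from the original article or from any product it mentions; the minimum length, the 15-minute idle timeout and the small common-password denylist are assumed policy values chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; a real deployment would tune these
# and use a far larger denylist (for example, a published breached-password list).
MIN_LENGTH = 12
INACTIVITY_TIMEOUT_SECONDS = 15 * 60
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 hash, stored as '<salt-hex>$<digest-hex>'.

    Only the hash is kept, so previous passwords can be checked for reuse
    without storing them in the clear.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def check_password_policy(candidate, previous_hashes):
    """Return a list of policy violations; an empty list means the password is acceptable.

    previous_hashes is the user's password history (output of hash_password),
    used to reject reuse of an earlier password.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    if any(verify_password(candidate, h) for h in previous_hashes):
        problems.append("reuses a previous password")
    return problems


def session_expired(last_activity, now, timeout=INACTIVITY_TIMEOUT_SECONDS):
    """True when the time since the last user action exceeds the idle timeout (seconds)."""
    return (now - last_activity) > timeout


if __name__ == "__main__":
    # Constructed demonstration: a user changing their password
    history = [hash_password("Correct-Horse-Battery-7")]
    for attempt in ["password1", "Correct-Horse-Battery-7", "Different-Long-Passphrase-42"]:
        print(attempt, "->", check_password_policy(attempt, history) or "accepted")
    # Constructed timestamps: 901 seconds idle exceeds a 900-second timeout
    print("session expired:", session_expired(last_activity=0, now=901))
```

Rejected attempts return the reasons so the user interface can explain which rule was broken; the reuse check works purely on stored salted hashes, so the history never needs to hold old passwords in plaintext.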
- Supply chain attacks
Supply chain attacks use one or more of the above techniques, but via a third party that can give the criminal access to a business’s IT system. The most common targets are third-party suppliers such as IT agencies, which provide IT services to many different businesses, as well as accountancy firms and cleaning companies.
Who is targeting the cyber security of UK law practices and legal departments?
Beyond the obvious motivation of criminal parties wanting to subvert the course of justice in ongoing criminal cases, the legal sector is an attractive target for other reasons.
Heavily reliant on extensive complex IT systems to run daily business, law firms and legal departments are frequently targeted by ransomware gangs, who seek payment to restore IT systems they have compromised.
Extortion attempts can also extend to commercial, contractual or corporate transactions, where parties of interest may want to skew a legal decision in their favour. These parties of interest can be as big in size as whole nation states, who are seeking to further their national agenda.
Finally, reputation is a key selling point for a law firm’s services to clients. Though less common, there are reported instances of insider threats, rival enterprises or hostile parties such as ‘hacktivists’ seeking to ruin a law firm’s reputation through cybercrime. Motivations could be to reduce competition in their legal field, further a political agenda, or retaliate as part of a dispute with the firm.
How has cyber security changed in the UK legal sector in the last 5 years?
Since 2018, major changes to work culture have further increased businesses’ reliance on digital technologies. Following the COVID-19 pandemic from March 2020, enforced work-from-home policies and isolation mandates meant that employees were now working from multiple locations, and thus connecting to their employer’s central IT system from many different networks and devices. For many companies, this meant installing new software and applications, such as VPNs, to keep their systems secure and safe from data breaches. However, the increased risk of breaches remained enticing to cybercriminals, with 30 out of 40 law firms visited by the Solicitors Regulation Authority (SRA) in 2020 reporting that they had been targeted by a cyber attack.
Remote working policies have now become “the new normal”, meaning the increased risk remains, but the defences in place have not improved enough for many legal enterprises across the UK. The legal sector covers a wide range of organisations, the vast majority being small-to-medium practices or sole practitioners. Because of their budgets and size, these firms often rely on third-party IT systems, which can make management of cyber security practices less of a priority.
How can the UK legal sector improve their cyber security?
While employees in the legal sector have improved their understanding of cyber security practices since the pandemic, improvements must continue. The NCSC has encouraged mandatory staff training and awareness of cyber attacks, and fostering an internal “security culture” in which best practices become second nature. Policies that prioritise data compliance, identity protection and confidentiality, together with measures such as equipment audits and thorough whistleblowing and grievance procedures, can also help to reduce breaches before technical intervention is needed.
Cyber security is crucial to protecting not just employee and client safety but also business finances, so hiring an in-house or freelance cyber security analyst can ensure that the health of your cyber security measures is monitored regularly and updated as soon as necessary.
Cyber security encompasses a range of skills, including preventing attacks, monitoring and evaluating systems, troubleshooting for users, designing and implementing new security systems, defining policies for access and control of systems, and much more.
If you’ve ever been interested in a cyber security career, the legal industry is in greater need of cyber security professionals than ever. Look into our cyber security opportunities at iMeta and see if you have what it takes to keep businesses safe and secure.