
Top cyber security risks in the legal sector


Cyber security risks are a hot topic in the area of law firm compliance right now, and rightly so.

A quarter of law firms have reported being the victim of a cyber attack, of which nearly one in ten result in money being stolen.

With cyber crime risks continually evolving as criminals devise new ways of beating security software and tricking people into handing over their personal or business details, it makes sense to be aware of what the newest cyber risks are – and the steps you need to take to ensure your firm stays secure and compliant.


1. Ransomware

The threat of malware – software that seeks to disrupt, damage or gain unauthorised access to computer systems – has been around for a while now, and one of the fastest-growing forms of malware today is ransomware.

As its name suggests, ransomware blackmails its victims by locking down access to systems and data, and promising to return access only in exchange for a sum of money – usually one or two bitcoins (at today’s rate that is around £900 – £1800). Many law firms would pay such sums if it ensured that their data was recovered in full; if it is not, the financial impact could be much more significant.

The problem with ransomware is that, even if the sum is paid, research from TrendMicro suggests that a fifth of organisations do not actually receive their data back. Even if they do, the costs to law firms are still significant, with consequences including lost files, reputational damage and a breakdown in client relationships, and a significant loss of time putting the issue right.

Your Disaster Recovery Plan should be optimised for such attacks: ensure that you can get your backups live in minutes, rather than hours or days, so that significant time is not lost rectifying the problem.


2. Online activism to cause downtime – DDoS attacks

Deloitte has predicted that in 2017, Distributed Denial of Service (DDoS) attacks “will become large in scale, harder to mitigate (increasing the severity of impact) and more frequent”. This form of cyber attack involves the concerted overloading of a business’s servers in order to cause downtime, carried out either by activist groups or by systems that have been hijacked with malware. Such attacks can result in computer systems crashing for long periods, causing major business disruption.

The first and best defence against DDoS is to recognise an attack and respond early. You should invest in the right technology to help identify such attacks, such as anti-DDoS software, and have a team on hand that proactively monitors your servers for spikes in network traffic or a slowdown in performance. Your team – whether internal or external – should also have up-to-date experience and knowledge of the latest attacks and prevention methods, along with access to back-up ISPs to reroute traffic in the event of an attack.

3. Friday afternoon fraud

Whilst not a new cyber threat as such, this is the most prevalent legal cybercrime risk and is only likely to rise further as criminals find new ways of tricking law firms. The SRA’s figures show that 75% of cybercrimes reported to them are cases of Friday afternoon fraud, and the Financial Times reported last year that QBE Insurance had received 150 claims over an 18-month period, amounting to £85 million of claims. The money stolen typically ranges from £65,000 to £1.9 million.

Friday afternoon fraud takes its name from the time at which conveyancing deals often complete. Criminals traditionally posed as lenders or clients over the phone, but are now just as likely to hack into your law firm’s systems to steal client monies awaiting completion, by accessing and altering email correspondence between the client and their solicitor so that funds are redirected.

It is imperative that your computer systems are kept up to date and installed with the latest anti-virus and anti-malware software to help protect against the risk of hacking and malware scams through which client monies can be lost.

Lawyers should still be mindful of fraud arising from non-cyber activities, such as telephone calls or instructions that are unusual or change at the last minute, and should ensure that policies are in place, such as never acting on bank details given over the phone without making an outbound call to the bank to verify the request.

4. Data Breaches

Data breaches represent one of the most pressing cyber security concerns for the legal industry. Whether it’s a large-scale hack or a targeted attack, the consequences of a data breach can be catastrophic.

Legal firms store a wealth of sensitive information, including personally identifiable information (PII), financial records, and privileged communications. If this data falls into the wrong hands, it can lead to severe legal and reputational repercussions.

One common avenue for data breaches in the legal sector is phishing. Cyber criminals often use sophisticated tactics, such as spear-phishing emails tailored to specific individuals within a firm, to trick employees into divulging login credentials or downloading malicious attachments. Once inside the network, hackers can exfiltrate sensitive data or deploy ransomware, locking down systems until a ransom is paid. The aim is to compromise the account (business email compromise) so that the attacker can read the victim’s mailbox, send phishing emails at scale from it, and target the victim’s contacts.

To combat the threat of data breaches, legal organisations must prioritise cyber security awareness and education among staff members. Implementing robust email security measures, such as spam filters and multi-factor authentication (MFA), can help defend against phishing attacks. Additionally, regular security assessments and penetration testing can identify vulnerabilities in systems and processes before they are exploited by malicious actors.

5. Insider Threats

While external cyber attacks often dominate headlines, insider threats pose a significant risk to the security of legal firms. Insider threats can take many forms, including disgruntled employees seeking to harm their employer and unwitting staff members falling victim to social engineering tactics. Trusted insiders with access to sensitive information can inflict considerable damage if their credentials are compromised or if they intentionally misuse their privileges.

The nature of the legal profession, with its emphasis on confidentiality and privileged communication, amplifies the impact of insider threats. A rogue employee or contractor with access to privileged client information could leak sensitive details or sell them to third parties, with severe legal and ethical implications.

Mitigating insider threats requires a multi-faceted approach that combines technological controls with proactive monitoring and employee training. Implementing access controls and segregation of duties limits the damage that a single insider can inflict. Regularly reviewing user access rights and conducting background checks on employees can help identify potential insider threats before they escalate.


All of these cyber risks can result in some law firms shying away from adopting innovative cloud solutions. However, the choice need not be between innovative delivery of client services and maintaining data and client confidentiality. Find out more about the benefits that cloud technology can bring, and how to minimise cyber risks, in our eBook: A guide to cloud for legal professionals.
