New NCSC report outlines the growing threat to the legal sector, with recommendations to improve cyber resilience.
A new threat report published today reveals why the legal sector is particularly vulnerable to cyber attacks, the methods used by online criminals, and how organisations working in the sector can best defend themselves.
Cyber threat report: UK legal sector is published by the NCSC with the assistance of the NCSC-sponsored Industry 100 scheme, the Law Society, Bar Council, the Solicitors Regulation Authority (SRA), Action Fraud and the National Crime Agency (NCA). It has been written for law practices of all sizes and types of work, from sole practitioners, high street and mid-size firms, to barristers’ chambers, in-house legal departments and international corporate firms.
As the report explains, cyber criminals are not fussy about who they attack, which means small and large firms are at risk. Organisations in the legal sector routinely handle large amounts of money and highly sensitive information, which makes them attractive targets. Furthermore, firms are increasingly vulnerable due to the widespread adoption of hybrid working – accelerated during the COVID-19 pandemic – and the increasing sophistication of cyber attacks.
The report offers practical guidance on how organisations can be resilient to these threats, and includes case studies from the sector to bring the report to life, as well as key statistics from the Solicitors Regulatory Authority (SRA) and the Cyber Breaches Survey 2023. It also directs readers to a range of NCSC-based online resources and services that can help them to protect their organisations, suppliers and clients. These include free services such as:
- Check Your Cyber Security, a government service suitable for smaller firms, that performs a range of simple online checks to identify common vulnerabilities in your public-facing IT.
- Exercise in a Box, an online tool which helps organisations find out how resilient they are to cyber attacks, and practise their incident response in a safe environment.
- Early Warning, a service using information feeds from the NCSC, plus trusted public, commercial and closed sources to inform your organisation of potential cyber attacks on your network.
In her foreword to the report, Lindy Cameron (the NCSC’s CEO) said:
“Recent examples of cyber attacks affecting the legal sector have lead to a growing understanding of the problem at the highest levels of corporate governance. The NCSC welcomes the increased support and investment in cyber security we’re seeing across the sector.
The legal sector is important to the NCSC as lawyers, legal practices and law firms play an essential role in the UK’s economy and society. We rely on them for the delivery of justice, the resolution of disputes, and the conduct of business. This report will help ensure that the sector is as resilient as possible to cyber attack.
We are committed to helping the sector stay one step ahead of the threat, so if you’ve any feedback on this report, or any suggestions for what more we can do to help, please don’t hesitate to get in touch via the NCSC website.”