Why law firms must focus on information security & cyber crime

Why law firms must focus on information security & cyber crime

Jun 2 2017

Fraud and cyber crime are becoming an increasingly prevalent feature of professional indemnity claims.  This is as true of the Master Policy as it is of other UK professionals - and solicitors are evidently a specific target of fraudsters.

You need to act now if your firm is not to be the next target.  And, be aware, the latest claims we as broker have seen, have all been six figure amounts.


Why are you a target?

You may be a sole practitioner practice doing what you consider to be 'low risk, low profile' work.  That isn't necessarily how fraudsters see you however.

  • As a law firm - you almost certainly have confidential details of a significant number of clients on file
  • You may have a client account holding significant sums - particulary if you undertake any conveyancing work
  • Fraudsters may well not have taken the time to differentiate between law firms - they are targeting law firms as a class of business, which therefore includes you.


UK Cyber Security Breaches Report findings

The UK government recently released a detailed report evaluating the risks to businesses of cyber crime.

It found that 45% of small UK businesses identified cyber security attacks in the last year, with an average cost of around £1,400. 

The numbers of businesses actually experiencing an attack or breach is much higher - estimated to be in excess of 70%. 

Larger businesses tend to be more aware, and the reported figures are therefore likely to be more accurate - and for these businesses, reported breaches are much higher in number and in cost.


Fraud & Cyber Crime impacting on law firms

Cyber crime is not a category of fraud in its own right.  It is simply a product of our modern ways of working - in which more and more of what we do is online and on-network.


PwC's 2016 Law Firm Survey revealed that cyber attacks on law firms had increased by 20% since 2014, with 73% of top 100 firms reporting having been hit by a cyber attack.



Email is your single biggest threat

72% of breaches reported to the Information Commissioner relate to fraudulent email.  And other research seen by Lockton suggests that up to 91% of cyber attacks start with a phishing email.

The costs of a cyber breach or online fraud can be significant. 

The law firm behind the 'Panama Papers' information security breach, Mossack Fonseca has suffered significant reputational damage at the very least, and is now a case-study on cyber security world-wide.

Firms that have had their email hacked have experienced losses in the £hundreds of thousands.

And Ransomware attacks can disable firms systems for days, unless sufficient precautions have been taken.


Action Points

  1. Put Information Security, Fraud & Cyber Security high on your management agenda

  2. Become Cyber Essentials accredited

  3. Follow our simple guidance on email-security

  4. Use our password security e-learning across your office

  5. Download our information security posters

  6. Review your insurance covers - consider whether fidelity, cyber or crime insurance is an add-on you need (download our Cyber Security infographic and Guide to Insurance Covers for more information)




To Contact Us By Phone

Our Master Policy Switchboard is available 9am - 5pm, Monday - Friday (except for public holidays, when we are closed).Master Policy Switchboard: 0131 345 5599