A quarter of all legal firms have been the subject of a cyber-attack.
According to the NatWest 2017 Legal Benchmark Report, London-based firms in particular suffered at the hands of cyber-criminals, with 36% affected, while 24% have experienced a fraud-related loss or cyber-attack in the last year.
Steve Arundale, head of commercial professional sectors at NatWest, said in the report that NatWest remains committed to supporting legal firms "in developing a successful and sustainable business."
In an email to Infosecurity, Jonathan Armstrong, partner at Cordery, said that law firms generally are the target for an increasing number of attacks. “There are a number of fraud scams doing the rounds and lawyers - especially those involved in M&A and real estate handle a lot of money which makes them special targets,” he said.
“At the same time lawyers are often regarded as the weak link in trying to get client data as the sense is that some are less well protected than their clients. This has been on the ICO's radar for some time but also on the radar of the SRA who regulate Solicitors. It's clear that lawyers need to take their responsibilities seriously both for their own business and that of their clients.”
According to PwC’s 2016 Law Firms Survey, 73 of the top 100 firms experienced an attack during the financial year 2015-2016, up from 62 in 2014-15.
Writing for the Law Gazette, Edward Donne, director of Howden, said: “We all have a duty to make these crimes as difficult as possible for the perpetrators. We would not like to be considered anti-competitive, but, at the same time, complex and valuable transactions need to be undertaken professionals alert to the problems.”
Steven Malone, director of security management at Mimecast, added: “The fact that a quarter of law firms have been hit by a cyber-attack or fraud over the last 12 months is bad; but what is worse is that this is only half the story.
“Our research reveals that 20% of UK organizations have experienced impersonation attacks from their legal departments last year - these involve hackers falsely assuming the identity of high level people within an organization. What’s clear is that in addition to traditional threats, businesses must also lookout for these types of attacks as this could affect customers and other key stakeholder without businesses realizing until it’s too late.”