National Cyber Security Centre
Cyber security advice issued to law firms in first legal threat report
The NCSC's first legal threat report has been issued to law firms.
- NCSC legal sector threat report gives guidance to help firms protect themselves
- £11 million of client money stolen due to cyber crime over the last 12 months
- 60% of law firms reported to have suffered information security incident last year
- The Law Society welcomes practical and effective guidance to protect industry
Law firms have been urged to follow expert cyber security guidance after a report published yesterday (19 July) showed the scale of the threat they face.
The National Cyber Security Centre (NCSC) has published its first report into the cyber threat to the UK legal sector, which reveals that more than £11 million of client money was stolen by cyber criminals between 2016-17.
In the last year, 60% of law firms reported an information security incident - an increase of almost 20% from the previous 12 months.
The report outlines clear and actionable guidance that firms can follow, such as how to defend your practice against phishing, reduce the risk of malware infection and take effective control of your supply chain.
Ciaran Martin, Chief Executive of the NCSC said:
“Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.“
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
Law firms are an attractive target for cyber attacks as they hold sensitive client information, handle significant funds and are a key enabler in commercial and business transactions.
Findings show the most significant cyber threats law firms face include phishing, data breaches, ransomware and supply chain compromise.
The Cyber Threat Assessment for the UK Legal Sector was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Christina Blacklaws, President of The Law Society said:
“As data controllers, law firms handle significant volumes of confidential and sensitive information and client monies as part of their daily work.
“In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have launched the ‘Legal Sector’ group on the free Cyber Information Sharing Platform (CiSP).
CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
Notes to editors
- The full report can be seen here.
- The report’s estimation that £11 million of client money was reported stolen due to cyber crime between 2016-2017 was made by the Solicitors Regulation Authority (SRA).
- The private ‘Legal Sector’ CiSP group is tailored to the needs of UK law firms, giving a wealth of cyber expertise and advice. Full details on membership benefits and joining instructions can be found at www.ncsc.gov.uk/cisp. The NCSC, Law Society or Bold Legal Group can sponsor your organisation, as appropriate.
- The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. The NCSC was created as part of the five year National Cyber Security Strategy (NCSS) announced in 2016, supported by £1.9billion of transformational investment
- The NCSC provides a single, central body for cyber security at a national level and is the UK’s technical authority on cyber. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice. GCHQ is the parent body for the Centre, meaning that it can draw on the organisation’s world-class skills and sensitive capabilities.
- The UK Government’s behavioural change campaign for cyber security, Cyber Aware, promotes simple measures that small businesses and individuals can adopt to stay more secure online. Cyber Aware’s technical advice is provided by the NCSC. Further information on the campaign can be found here.
Original article link: https://www.ncsc.gov.uk/news/cyber-security-advice-issued-law-firms-first-legal-threat-report
Latest News from
National Cyber Security Centre
UK and allies expose Snake malware threat from Russian cyber actors10/05/2023 13:10:00
Snake malware and its variants have been a core component in Russian operations carried out by Centre 16 of Russia’s Federal Security Service (FSB).
UK and international partners publish joint guidance to help communities create secure smart cities21/04/2023 10:05:00
New guide, published during CYBERUK 2023, sets out cyber security best practices for creating connected places.
Peace process accelerated Northern Ireland's rise as global cyber security hub, UK cyber chief says21/04/2023 09:05:00
Northern Ireland continues to play a critical role in securing UK-wide online resilience 25 years after the pivotal accord was signed.
New analysis highlights strength of Ukraine's defence against “unprecedented” Russian offensive20/04/2023 15:10:00
Report from the European Cyber Conflict Research Initiative (ECCRI) gives new insights into the role of cyber criminals and political hacktivists in a conflict, and critical questions around industry support to Ukraine's cyber resilience.
UK and international partners share advice to help turn the dial on tech product security13/04/2023 16:15:00
New guide calls on manufacturers to ensure technology products are made secure by design and by default.
Business leaders urged to grip cyber risks with fresh support from experts30/03/2023 17:20:00
Refreshed guidance from the NCSC will support board members govern online risk.
NCSC launches flagship new services to help millions of small organisations stay safe online22/03/2023 14:20:00
New online tools for small organisations to help find and fix any cyber security issues.
International leaders to take centre stage at CYBERUK 2023 in Belfast15/03/2023 16:15:00
Top officials from the U.S., Canada, New Zealand and Singapore amongst speakers for CYBERUK 2023 announced yesterday.