National Cyber Security Centre
Cyber security advice issued to law firms in first legal threat report
The NCSC's first legal threat report has been issued to law firms.
- NCSC legal sector threat report gives guidance to help firms protect themselves
- £11 million of client money stolen due to cyber crime over the last 12 months
- 60% of law firms reported to have suffered information security incident last year
- The Law Society welcomes practical and effective guidance to protect industry
Law firms have been urged to follow expert cyber security guidance after a report published yesterday (19 July) showed the scale of the threat they face.
The National Cyber Security Centre (NCSC) has published its first report into the cyber threat to the UK legal sector, which reveals that more than £11 million of client money was stolen by cyber criminals between 2016-17.
In the last year, 60% of law firms reported an information security incident - an increase of almost 20% from the previous 12 months.
The report outlines clear and actionable guidance that firms can follow, such as how to defend your practice against phishing, reduce the risk of malware infection and take effective control of your supply chain.
Ciaran Martin, Chief Executive of the NCSC said:
“Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.“
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
Law firms are an attractive target for cyber attacks as they hold sensitive client information, handle significant funds and are a key enabler in commercial and business transactions.
Findings show the most significant cyber threats law firms face include phishing, data breaches, ransomware and supply chain compromise.
The Cyber Threat Assessment for the UK Legal Sector was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Christina Blacklaws, President of The Law Society said:
“As data controllers, law firms handle significant volumes of confidential and sensitive information and client monies as part of their daily work.
“In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have launched the ‘Legal Sector’ group on the free Cyber Information Sharing Platform (CiSP).
CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
Notes to editors
- The full report can be seen here.
- The report’s estimation that £11 million of client money was reported stolen due to cyber crime between 2016-2017 was made by the Solicitors Regulation Authority (SRA).
- The private ‘Legal Sector’ CiSP group is tailored to the needs of UK law firms, giving a wealth of cyber expertise and advice. Full details on membership benefits and joining instructions can be found at www.ncsc.gov.uk/cisp. The NCSC, Law Society or Bold Legal Group can sponsor your organisation, as appropriate.
- The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. The NCSC was created as part of the five year National Cyber Security Strategy (NCSS) announced in 2016, supported by £1.9billion of transformational investment
- The NCSC provides a single, central body for cyber security at a national level and is the UK’s technical authority on cyber. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice. GCHQ is the parent body for the Centre, meaning that it can draw on the organisation’s world-class skills and sensitive capabilities.
- The UK Government’s behavioural change campaign for cyber security, Cyber Aware, promotes simple measures that small businesses and individuals can adopt to stay more secure online. Cyber Aware’s technical advice is provided by the NCSC. Further information on the campaign can be found here.
Latest News from
National Cyber Security Centre
Ciaran Martin's speech at the Annual Review 2018 launch17/10/2018 11:42:00
Ciaran Martin speaking at the launch event for the 2018 Annual Review (16th October)
NCSC deals with 1,100 cyber attacks in first two years17/10/2018 09:15:00
On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.
Annual Review 201816/10/2018 13:15:00
The Annual Review 2018 – the story of the second year of operations at the National Cyber Security Centre.
Gloucester children to benefit from groundbreaking cyber hub15/10/2018 15:05:00
Children in Gloucester will benefit from an innovative cyber environment in one of the NCSC's latest Cyber School Hubs.
Top cyber diplomat celebrated as “trailblazing”11/10/2018 13:22:00
Cyber expert Sarah Taylor given Marie Claire Future Shaper Award.
Reckless campaign of cyber attacks by Russian military intelligence service exposed04/10/2018 14:15:00
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
NCSC response and advice following Facebook cyber incident01/10/2018 13:20:00
An official statement from the National Cyber Security Centre after Facebook announced a security issue affecting almost 50 million accounts.
NCSC releases core questions to help Britain's biggest boards understand their cyber risk13/09/2018 16:15:00
Speaking at the annual CBI Cyber Security: Business Insight Conference 2018, Ciaran Martin offered boards five questions that will help them to prepare for a cyber attack.