National Cyber Security Centre
Cyber security advice issued to law firms in first legal threat report
The NCSC's first legal threat report has been issued to law firms.
- NCSC legal sector threat report gives guidance to help firms protect themselves
- £11 million of client money stolen due to cyber crime over the last 12 months
- 60% of law firms reported to have suffered information security incident last year
- The Law Society welcomes practical and effective guidance to protect industry
Law firms have been urged to follow expert cyber security guidance after a report published yesterday (19 July) showed the scale of the threat they face.
The National Cyber Security Centre (NCSC) has published its first report into the cyber threat to the UK legal sector, which reveals that more than £11 million of client money was stolen by cyber criminals between 2016-17.
In the last year, 60% of law firms reported an information security incident - an increase of almost 20% from the previous 12 months.
The report outlines clear and actionable guidance that firms can follow, such as how to defend your practice against phishing, reduce the risk of malware infection and take effective control of your supply chain.
Ciaran Martin, Chief Executive of the NCSC said:
“Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.“
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
Law firms are an attractive target for cyber attacks as they hold sensitive client information, handle significant funds and are a key enabler in commercial and business transactions.
Findings show the most significant cyber threats law firms face include phishing, data breaches, ransomware and supply chain compromise.
The Cyber Threat Assessment for the UK Legal Sector was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Christina Blacklaws, President of The Law Society said:
“As data controllers, law firms handle significant volumes of confidential and sensitive information and client monies as part of their daily work.
“In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have launched the ‘Legal Sector’ group on the free Cyber Information Sharing Platform (CiSP).
CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
Notes to editors
- The full report can be seen here.
- The report’s estimation that £11 million of client money was reported stolen due to cyber crime between 2016-2017 was made by the Solicitors Regulation Authority (SRA).
- The private ‘Legal Sector’ CiSP group is tailored to the needs of UK law firms, giving a wealth of cyber expertise and advice. Full details on membership benefits and joining instructions can be found at www.ncsc.gov.uk/cisp. The NCSC, Law Society or Bold Legal Group can sponsor your organisation, as appropriate.
- The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. The NCSC was created as part of the five year National Cyber Security Strategy (NCSS) announced in 2016, supported by £1.9billion of transformational investment
- The NCSC provides a single, central body for cyber security at a national level and is the UK’s technical authority on cyber. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice. GCHQ is the parent body for the Centre, meaning that it can draw on the organisation’s world-class skills and sensitive capabilities.
- The UK Government’s behavioural change campaign for cyber security, Cyber Aware, promotes simple measures that small businesses and individuals can adopt to stay more secure online. Cyber Aware’s technical advice is provided by the NCSC. Further information on the campaign can be found here.
Latest News from
National Cyber Security Centre
Statement: Marriott International data breach03/12/2018 14:15:00
The latest NCSC statement following reports of a data breach affecting Marriott International
GCHQ and the NCSC publish the UK Equities Process30/11/2018 11:15:00
GCHQ, and the National Cyber Security Centre, have a proud history of discovering and disclosing security weaknesses in all manner of technologies.
Top tips to shop safe online on Black Friday published as the NCSC encourages public to have a ‘cyber chat’23/11/2018 16:05:00
The NCSC is encouraging the public to have a 'cyber chat' to shop safely online during Black Friday.
NCSC to discuss drives to help cyber security thrive in Scotland23/11/2018 09:15:00
Security experts take part in multi-agency meetings to help cyber security thrive in Scotland.
Innovative cyber ideas chosen to benefit from NCSC Accelerator programme21/11/2018 09:15:00
The NCSC's Cyber Accelerator programme has announced the companies making up its third cohort.
NCSC’s advice in response to the increase in sextortion scams02/11/2018 12:15:00
Advice from the National Cyber Security Centre in response to the increase in sextortion scams.
Ciaran Martin's speech at the Annual Review 2018 launch17/10/2018 11:42:00
Ciaran Martin speaking at the launch event for the 2018 Annual Review (16th October)
NCSC deals with 1,100 cyber attacks in first two years17/10/2018 09:15:00
On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.