Cyber security strategy of many UK law firms leaving them at risk of attack

31 Mar 2016 01:28 PM

The lack of robust cyber security strategies in many UK law firms and barristers’ chambers is putting them at a significantly higher risk of attacks, according to a new discussion paper from AXELOS.

In the new AXELOS paper - ‘Cyber resilience in the UK Legal Sector’ – a legal IT veteran warns that law firms traditionally have been slow to adopt technology and best practices regarding cyber security, leaving large gaps in their cyber resilience strategy.

The legal sector is one built on managing the most valuable and commercially sensitive information of organizations and high profile individuals effectively. The risk of this information falling into the wrong hands is significant and can cause catastrophic financial and reputational damage to law firms and their clients.

The discussion paper outlines the vulnerability of the legal sector to a cyber-attack and the reasons why they are being targeted. It warns that employees are often the greatest vulnerability in their defences and explains how organizations in the legal sector can more effectively resist, respond and recover from attacks.

Paper author Matt Torrens, who is a legal IT veteran and entrepreneur, comments: “Cyber-crime is the ‘new normal’ and now the most common offence in the UK, as reported by IT Governance. To meet this significant challenge, not only should regulatory bodies evolve to enforce best practice, but also law firms must accept their responsibility to develop and maintain appropriate cyber-resilience strategies. This top-down-bottom-up approach will help the legal market deliver global best practice that is effective, practicable and demonstrates a market wide drive towards excellence.”

Nick Wilding, AXELOS head of cyber resilience, said: “For the legal sector to have effective cyber resilience it needs a two pronged plan of action in adopting best practice. First, they need to assess how they can harden their networks against their critical vulnerabilities and secondly, they need to educate their people through ongoing, engaging and practical cyber awareness learning. This is the best way to ensure the sector is fully prepared to protect its client’s most valuable information.”

In 2015, AXELOS launched a new Cyber Resilience Best Practice portfolio - RESILIA™ - a portfolio of cyber resilience best practice publications, certified training, staff awareness learning and leadership engagement tools designed to put people at the centre of an organization’s cyber resilience strategy, enabling them to effectively recognize, respond to and recover from cyber-attacks.

Read the full Discussion Paper.

See our RESILIA section for more information.