As law firms industry, we are far too complacent about cybercrime. Unless we do something about it, and we do it now, we will all continue to be victims. All will be a cyber attack on law firm, It’s only a matter of time.
Of course, theft is not new; cybercrime simply makes it much easier.
If I had wanted to steal your money 300 years ago, I would have mounted my trusty steed and assaulted your stagecoach with my pistols.
Forty years ago, it would have been a sawed-off shotgun and I would have driven off in my Ford Granada with bags full of used fivers.
Today, all I need to steal your money, your data and your identity is a device and an Internet connection.
I can do it from my room, from the coffee shop around the corner or from my deck chair on the beach in the Maldives.
The scope of the threat to law firms
Identity theft has reached epidemic levels in the UK, with almost 500 incidents a day, according to figures from Cifas (UK fraud prevention service).
Companies with personal data are more likely to be attacked. The most common attacks are:
- fraudulent e-mails
- virus
- malware
In the first six months of 2017, a record 89,000 cases of identity theft were reported, which typically involve criminals impersonating a person to steal money, purchase items, or take out a loan or car insurance in their name.
53% of all frauds in the UK occur on the Internet: 1.9 million crimes. UK citizens are 20 times more likely to be scammed on their computer than mugged in the street.
Over the past eight years, more than 7.1 billion identities have been leaked worldwide as a result of corporate data breaches.
There are 7.5 billion people on Earth, most of whom do not have Internet access, so those of us who do have it have probably been hit several times.
If you have not already done so, check to see if your e-mail has been compromised.
I check it regularly and last week I discovered that one of my email addresses was listed, so I was able to change my password immediately.
A funny and scathing YouTube video by Jimmy Kimmel shows how easy it is to crack passwords.
In April 2023, the government reported that nearly seven out of 10 large companies identified a breach or attack.
LinkedIn, EE, the National Lottery, BA, the NHS, TalkTalk, Deloitte, AA, Wonga and Equifax have all been victims, as have countless local authorities, retailers, charities and law firms and chambers.
In the 2016 Crime Survey for England and Wales, fraud and computer misuse accounted for a total of 5.8 million offenses.
Some 1.4 million people suffered a computer virus attack, and nearly 650,000 reported that their e-mail or social network profile had been hacked.
Anyone who thinks they may have been the subject of online fraud or attempted fraud should report it to Action Fraud.
The WannaCry ransomware attack that took over the NHS in May 2023 spread around the world in just a few hours.
The attack had a disastrous effect on the NHS and affected major corporate brands, government departments, universities and large infrastructure groups such as railroads, airlines and telecoms.
More than 250,000 computers in 150 countries were infected by the WannaCry virus. The criminals made off with almost $200,000.
There’s a fascinating and creepy video on YouTube that shows how – and how quickly – the infection spread around the world.
The legal sector: a worrying complacency?
Every week I read or talk to victims in the legal sector.
A few months ago, I had the misfortune to interview several victims of cybercrime. Some in law firms.
The largest amount stolen was just under £1 million, but the biggest impact was the £60,000 deposit taken from a single mother trying to rebuild her life after a divorce.
Connecting to a free wifi hotspot at an airport coffee shop was probably her biggest mistake, which eventually convinced her to send the deposit funds for her new apartment to a bank account other than her lawyer’s.
With all the publicity surrounding cybercrime, one would think that complacency would have been eradicated.
However, last year, Cert-UK, the precursor to the National Cyber Security Centre, published a sobering report on the UK legal sector about attacks on law firms in that nation.
65% of companies have been the victim of a cyber incident, but despite the need to protect ourselves, 35% of companies still do not have a cyber mitigation plan in place.
As for the insurance market, it is making money with our complacency.
Swiss Re recently reported that the value of global cyber insurance premiums will nearly quadruple in five years, from $10 billion in 2015 to more than $37.5 billion in 2020.
So either open your wallet to pay rising insurance premiums, or act now.
Think cyber defense for law firms, not just cybersecurity
Complacency is no longer an excuse, as there are many resources available to ensure that you, your company and your customers can, at the very least, mitigate the threat of cybercrime.
The National Cybersecurity Center (NCSC) has excellent resources:
- start with the 10 steps of cybersecurity
- cybersecurity guide for small businesses
You should also take a look at Financial Fraud Action UK’s Take Five campaign and the Scam Academy’s videos to understand how easy it is to become a victim.
The Bar Association can also help: it is developing partnerships with trusted, quality-assured and relevant cybersecurity providers to offer services tailored to the legal profession.
The ever-changing threat environment means that more and more needs to be done to detect, prepare and adapt to potentially malicious activity.
Today, cybersecurity is a crucial concern for law firms. A recent report revealed that 65% of law firms or law offices have been the victim of a cyber attack on law firm, highlighting the vulnerability of the sector to these attacks.
Evolution of Cybercrime: A Constant Risk
Cybercrime has evolved dramatically. In the past, thefts required a physical presence, but today, with just a device and internet connection, cybercriminals can steal money, data and identities from anywhere.
Alarming Statistics: The Impact of Cyber-Risk
Identity theft in the UK, for example, has reached epidemic levels, with nearly 500 incidents per day. In addition, 53% of all fraud in this country occurs online, highlighting the scale of this problem.
The Global Magnitude of the Problem
Globally, more than 7.1 billion identities have been exposed in the last eight years due to data breaches, underscoring the global extent of cybercrime.
Vulnerability of the Legal Sector.
The legal sector is not immune to these risks. For example, a 2017 UK government report indicated that nearly 70% of large companies, including law firms, suffered cyber breaches or attacks.
Devastating Consequences of Targeted Attacks
The WannaCry ransomware attack in 2017 is an example of how a virus can affect institutions and businesses globally, including important sectors such as healthcare and infrastructure.
Complacency in the Legal Sector
Despite the obvious threat, a significant percentage of firms still do not have a cyber mitigation plan in place, putting their security and that of their clients at risk.
The Economic Cost of Cyber-Insecurity
The value of cyber law firm insurance premiums is on the rise, reflecting the increasing economic cost of cyber insecurity. It is estimated that the value of these premiums will nearly quadruple over a five-year period.
Mitigation Strategies: Beyond Cybersecurity
Taking proactive steps to mitigate risks is critical. Institutions such as the National Cybersecurity Center offer valuable resources for preventing and managing these risks.
Conclusion: Act Now to Protect the Future law firm cyber attack
Law firms must recognize the seriousness of the cyber threat and act proactively. Implementing effective cybersecurity and cyber defense strategies is not only a necessity, but a responsibility to their clients and to the integrity of their professional practice.
You may also be interested in: Family liability agreements – What you need to know
