No business of any size can ignore the heavy media coverage of cyber security and the threats it consistently highlights. The high-profile cyber-attacks that make the headlines typically involve large consumer organisations, such as Tesco, Yahoo and TalkTalk.

However, cyber-attacks against law firms are increasing, and firms are repeatedly targeted because of the vast amounts of money, information and client data they hold. This is a troubling realisation for a profession built on strict confidence and trust from clients. Worse, many firms do not know they have been compromised at the time the attack takes place. By the time a breach is discovered, significant damage may already have been done, and most firms do not know what to do next.

Cyber-attack statistics

  • There are over 4,000 cyber-attacks every day. That’s 170 attacks every hour, or nearly three attacks every minute.
  • Cyber-attacks against law firms are rising with 73 of the UK’s top 100 targeted.
  • Cyber-attacks have grown by more than 60% in the last two years, with the number of top 100 law firms experiencing an attack rising from 45% in 2018/19 to 73% in the most recent financial year.
  • The concentration of cyber-attacks against law firms was highest among larger organisations, with 90% of the top 25 law firms experiencing a threat.
  • 55% of firms targeted by cyber-attacks had been victims of attacks with viruses or other malware, while 16% of those targeted had faced significant attempts to break into their firm’s network.

The logical question to ask about the consequences of a cyber-attack is: what does it cost the business? According to IBM’s Cost of a Data Breach 2022, the average consolidated total cost of a data breach in the UK is £3.36 million, up from £2.37 million in 2015. The study also finds that the average cost incurred for each lost or stolen record increased from £104 to £131, with records in the services sector the most expensive at £191 per record.

A broad move to remote working is also among the factors fuelling the rise in data breach costs. Incidents that cost £2.8 million before remote working was a factor now cost £3.57 million. Since the pandemic, roughly 60% of businesses have been forced to move further into cloud-based activities, and these changes fed into an overall 10% rise in the average cost of a data breach, to 3.05 million.

For a large law firm this would be a serious financial hit, but large firms are not the only ones being targeted. Smaller firms are targeted just as much, and cyber criminals may see them as an easier target because they often lack the infrastructure to prevent and respond to a cyber-attack. For such a firm, a well-executed cyber-attack could threaten the core of the business from the cost of the attack alone.

Regardless of whether a firm specialises in a multitude of services on an international scale or is a boutique practice tucked away in a quiet town, it is just as important that it has cyber security measures in place and its employees educated. Although many are now more than conscious of the importance of cyber security, there are still those who lack a decent understanding of what precautionary measures to take to mitigate the risks (and those who remain ignorant of the threats).

Types of cyber-attacks

  • Phishing attacks:  An attempt to obtain sensitive information or gain access to client funds by masquerading as a trustworthy source, usually via email. These are among the most common cyber security incidents, with 84% of firms falling prey to such an attack. Of the UK businesses that identified a cyber-attack, 83% said they were targeted by a phishing attempt, making this the most common threat vector. Phishing also carries a significant internal risk: unsuspecting and untrained staff click on malicious links or attachments, and 41% of law firms have suffered a security incident caused by staff.


  • Spear-phishing attacks: Spear phishing is a targeted form of phishing. The attacker researches the intended target and then writes a message the target is likely to find personally relevant; the attack is called “spear” phishing because the attacker homes in on a specific individual. A spear-phishing attack often uses email spoofing, where the information in the “From” portion of the email is faked so that the message appears to come from a different sender, such as someone the target trusts within their social network or a business partner. This is possible because the “From” header is simply text supplied by the sender; the SPF, DKIM and DMARC email standards exist so that the receiving mail server can detect a forged sender domain, but they only help if the impersonated domain publishes them and the receiver enforces them. The message will look legitimate, which is why a spear-phishing attack can be difficult to spot.


  • Ransomware:  Ransomware increased 35 percent in 2015 as cyber criminals capitalised on the profitability of such attacks. This type of attack targets Macs, PCs and smartphones, encrypting the files on the device and demanding a ransom for the decryption key; paying does not guarantee that the data comes back, so recovery depends on having backups the malware could not reach. Ransomware is typically spread via unsolicited emails, with employees clicking on genuine-looking links or attachments.


  • Website vulnerabilities:  Symantec reports that there were over one million web attacks each day in 2015. Cyber criminals continue to take advantage of vulnerabilities in legitimate websites to infect the people who visit them, because administrators fail to patch and secure those sites. Nearly 75 percent of all legitimate websites have unpatched vulnerabilities.


  • Zero-day attacks: A zero-day vulnerability is a security hole in software that is unknown to the vendor, and a zero-day attack exploits it before the vendor has identified and fixed it. Until the vulnerability is mitigated, threat actors can freely exploit it to breach data, systems and networks, and a patch, once released, only helps once it has actually been applied. The number of zero-day exploits in 2021 grew by more than 100% compared to the previous record set in 2019, meaning that about 40% of all zero-day attacks in the last decade occurred in 2021 alone. The most frequently exploited zero-days involved Microsoft, Apple and Google products.


Reputational Damage

When a cyber security breach takes place, one of the immediate questions asked is: what are the financial implications for the business? This is not to be taken lightly, but due to the nature of the work undertaken by law firms, reputational damage needs to be taken just as seriously. Major law firms deal with vast amounts of sensitive data and are entrusted by their clients to keep it confidential and secure; this relationship is a foundation upon which the legal profession is built. A breach of that data through a cyber-attack could seriously cripple a firm’s hard-built reputation within the legal industry, something that may not be easy to recover from.

How CYFOR Secure can assist your law firm

Following a cyber security incident, time is of the essence and every second counts. Delays can have a severe impact on your law firm’s finances and reputation. Our team of highly skilled and experienced digital forensics and incident response (DFIR) experts ensures a rapid incident response. Backed by a wealth of knowledge, proven methodology and industry-leading technology, our cyber incident response services minimise any impact on your law firm. Speak with our consultants today.