Over the last few decades, our personal and professional lives have been transformed by the rapid development of digital technology.
Its adoption has been so universal, in fact, that many of us seem to spend most of our day talking, typing, watching or listening to a number of different devices.
However, convenience can lead to complacency and, in some cases, tremendous risk.
The UK Information Commissioner’s Office (ICO) has recently reported that the number of data breaches in the three months to June this year was six per cent up on the same period last year.
If we look a little deeper aT the ICO figures, we find that just under one-quarter of all such incidents over the last year were cyber-related, involving phishing, ransomware, malware or a ‘denial of service’ – the kind of hacking which prevents businesses accessing their own IT.
Just over 10 per cent of all cyber breaches involving organisations based in the UK during the last 12 months featured law firms and the judicial system.
The law profession is a target for criminals because it employs hundreds of thousands of people, generates a lot of income – some £43.9 billion in 2023, according to the National Cyber Security Centre – and handles a considerable amount of sensitive data.
That is perhaps why the latest edition of an authoritative annual report of the legal industry by the management consultancy PwC has found that cyber risk is now its biggest worry.
Ninety per cent of the top 100 law firms which PwC questioned reported being “extremely or somewhat concerned” about the cyber security question and its potential to damage reputations, income and create legal repercussions.
Those sensitivities have been heightened by an increase in the kind of devices capable of and necessary to connect with law firms’ systems as well as the shift to hybrid working and the growing sophistication of criminals.
The PwC conclusions make stark reading but should not necessarily come as a surprise.
Back in 2020, the Solicitors’ Regulation Authority (SRA), the body which oversees the legal profession, produced its own research showing that three-quarters of the firms which it spoke to had been the target of a cyber-attack.
Those incidents, said the SRA, saw more than £4 million of client money stolen.
Only last month, one Hampshire-based law firm was reprimanded by the ICO after data about more than 8,000 individuals was accessed by criminals and published on the ‘dark web’.
The PwC report has noted that many of the organisations which it surveyed had increased their spending on cyber security.
It added that “robust risk management is essential to protect against cyber threats”.
Since Broadway launched four years ago, we have worked closely with a variety of professional services companies, including law firms, to help them put in place just such a defence.
More than merely buying expensive IT or, of course, cyber insurance, it has involved us liaising closely with directors and partners to identify the risks to which firms and those within them are even potentially exposed, establish those firms’ individual attitudes to the apparent dangers and develop the most suitable and comprehensive strategy for them.
Just as a firm’s employees are its best ambassadors, how they work can also inadvertently be its greatest weakness, so regular training to understand and guard against threats has been an integral part of the process.
The same goes for suppliers and partners who, as PwC also acknowledges, can be assets and represent the sort of points of engagement which can be exploited by hackers.
It is experience which has led to both small and multi-national, billion pound turnover companies relying on our counsel on these very issues.
We shouldn’t forget, as the ICO numbers detail, that the majority of data breaches are the result of human error and not criminal activity.
Having said that, cyber crime is a very real and growing danger, and companies in the law and other sectors are increasingly realising the importance of doing all that they can to avoid it in order to protect their business.
Written by Daniel Lloyd-John, Chief Executive, Broadway Insurance Brokers