Information security and cybercrime

Why this risk matters

  • Keeping the affairs and assets of clients confidential and secure is a well established professional responsibility.
  • Clients increasingly expect the convenience and speed that IT can provide.
  • Managing the risk posed by cybercrime is a regulatory requirement both from ourselves and the Information Commissioners Office (ICO).
  • A cyber-attack could damage a firm's reputation and put off potential clients.
Control icon


  • The Professional Principles in the Legal Services Act 2007 include a duty to maintain client confidentiality.
  • Solicitors should also note that fines can be imposed by the ICO for a serious breach of the Data Protection Act.
  • For most attacks on the information held by solicitors, the “cyber” label may be a distraction. Activities such as “Friday afternoon fraud” more closely resemble confidence tricks than hacking, by encouraging people to give them access to confidential information. Likewise, most malware also depends on tricking someone into agreeing to install it.
  • The consequences of cyberattacks or other information breaches can be severe:
    • Financial harm to yourself or to clients
    • Theft or loss of sensitive client data
    • Reputational damage
    • Potential breaches of the Data Protection Act
    • Potential regulatory breaches
  • The government recommend fairly straightforward steps to protect yourself from most of these threats in their latest Cyber Essentials guidance. They are as follows:
    • Boundary firewalls and gateways - make sure you have systems to stop intrusion into your work network
    • Secure configuration - making sure systems are properly set up in a way that meets your needs and that protects security
    • Access control - making sure that only those who should be able to access systems can do so, and that they do so at the right level
    • Malware protection - keeping your antivirus systems installed and up to date
    • Patch management - making sure that you are using an up to date and supported version of applications you use, including your operating system and browsers, and that you install patches from the vendor.
  • Although solicitors and law firms must be aware of this risk, adopting technology solutions can bring many benefits. Our paper IT and Innovation includes real life case studies and other information about how technology can help law firms and solicitors innovate and better serve their clients.

Further information

Case studies icon

Read case studies

Report icon

View full report