23 November 2020
Cyberattacks make up 75 per cent of all reported crime in the UK. Law firms and their clients are an attractive target because transactions often involve large sums of money, and law firms control sensitive information on behalf of their clients.
Rule 4.2 of the Code of Conduct for individuals and Rule 5.1 of the Code of Conduct for firms place an obligation on the profession to "safeguard money and assets entrusted to you by clients and others". Everyone should be alive to the threat of cybercrime, and all firms should take steps to eliminate or mitigate against this risk.
The impact on clients and firms of successful cybercrime attacks can be immense. People could lose their homes, while firms have been shut down having been tricked into paying money out to fraudsters.
Cybercrime has been a priority risk of ours for some time. You can find out more about why this is in our Risk Outlook.
We visited 40 firms that had been targeted in a cyberattack to learn about their experiences. Discover what we found in our review.
Case studies and tips
Our thematic review turned out a number of common themes. Through case studies from the review, we have a range of tips and advice.
Covid and cybercrime
Cyberattacks increased by 400 per cent in the first few weeks of the first lockdown in March 2020 as criminals looked to take advantage of people working from home for the first time and potentially failing to adhere to normal security steps. We produced guidance for the profession to help keep firms and clients safe
We have published two papers on how technology is a blessing for the legal sector if used correctly, but that risks exist. You can find those papers here:
Technology and legal services (December 2018)
Keeping information and money safe (November 2016)