Data Theft Attacks on Legal Firms at All Time High

Quick Summary → The National Cyber Security Centre reports that a staggering 75% of solicitor firms fell victim to a cyberattack in 2020. This article considers what are the key cyber vulnerabilities that make the legal sector so attractive to cybercriminals. We advise on some simple, yet robust, suggestions to safeguard client and case information.

Client data breaches: Hackers are hunting UK Law Firms

Image courtesy of

Are law firms at high risk from hackers?

Legal professionals are acutely aware of client confidentiality and the consequences of case information falling into the wrong hands. The NCSC report on the vulnerability of the UK legal sector to cyberattacks quotes that 75% of firms surveyed by the Solicitors Regulation Authority had experienced a cyberattack[*]. One key takeaway is that these statistics remain consistent regardless of the size of the firm. Yet firms do not have adequate cyber mitigation plans in place. PWC found that the Top 100 UK Law Firms allocated an average of 0.4% of fee income to cybersecurity in 2022.

*UPDATED:  The Law Society confirms similar figures in 2023.


The legal sector is prime for data theft: the real victim is reputation

Legal practices are a honeypot for cybercriminals. Highly sensitive client information, such as financial records, legal files, or intellectual property, has resale value on the dark web. In addition, there are impacts from regulatory investigations and any potential legal liability for data breaches. Other attackers just want to cause disruption. Interrupting time-sensitive transactions of hourly billed lawyers can have operational and financial impacts.


The report identifies an interesting trend. Traditional financially driven cybercriminals remain a threat. Yet, increasingly we are seeing state actors, particularly China, targeting the legal sector for intellectual property. The primary reason the legal sector is so susceptible to data breaches is reputation. A data breach can cause emotional distress for the client involved. It can shatter the trust of your entire client base causing difficult to repair reputational damage. To an attacker, a firm’s reputation makes it an ideal target for extortion.


Hybrid working: the new risk to your cyber perimeter

One of the biggest factors for the high risk of data theft in law firms comes from hybrid working. The legal sector has embraced hybrid working. However, this change in work patterns is creating significant vulnerabilities that firms have not had to tackle in the past.


Increasingly sophisticated cyberattacks are targeting home and remote workers. Attackers are acutely aware of the availability of high-value data and the lack of cyber defense. Partners are increasingly accessing confidential client information outside of the office in ways that rely on external networks to provide, oft missing, cybersecurity. Such as hotels or airports. This reduced level of protection increases the opportunity for data breaches, particularly for data theft. Theft can arise from two areas. Either directly from a poorly secured remote environment, (home or a café). Or, an attacker jumping from an insecure environment, directly to the firm’s corporate network, such as via the VPN.


Finding solutions: Safeguarding against data breaches

This increased risk of data loss must be addressed to safeguard the legal sector. Whilst the NCSC offers guidance on protecting hybrid workers, all staff would benefit from some simple mitigation techniques:

    • damage from a compromised account can be limited by constraining user access to only the information they need access to.
    • implementing multi-factor authentication can overcome the limitations of passwords in protecting devices and application logins. MFA is commonplace today and need not impact the user experience.
    • enforcing regular device application updates can remove the open doors that attackers utilise to compromise a device and steal data.
    • user education remains paramount to explaining the importance of using a VPN, or how to recognise a phishing attack.
    • device security, such as antivirus and firewalls, are crucial in mitigating against incoming threats.
    • monitor the outbound destination of all data.


The first five suggestions should form the basis of a risk mitigation plan. The last suggestion, however, may be pivotal in preventing and eliminating data theft. Monitoring the destination of every data flow means that client or case data destined to an incorrect endpoint can be blocked before it becomes a breach. This is becoming increasingly important as firms outsource more services to the cloud, necessitating assurance regarding the data’s route to the provider.



Research consistently demonstrates that robust client data protection leads to stronger customer loyalty. Large firms can demonstrate dedication to safeguarding client information through certifications such as ISO27001. Smaller firms should consider Cyber Essentials.


The legal sector has a choice: cling to outdated notions of security and risk ruin or become data protection pioneers. The NCSC report isn’t a death knell, it’s a rallying call to arms to protect your client’s secret. But it is also a reminder that you choose a lawyer for their integrity, their competence, their dedication to confidentiality and their reputation.

About the Author

Dr Mark Graham, CEO of ZORB Security

Dr. Mark Graham has spent over 30 years in cybersecurity.  He completed his PhD in malware detection in Cambridge, UK where he also lectured in Information Security, Cybercrime, and Pen-Testing.  He is a co-founder of ZORB Security which specialises in eliminating data theft.

Try a live demo of ZORB

See ZORB in action using real time, live data


author avatar
Dr Mark Graham