Legal Service Companies

UK law firms rely on IT to deliver their services to clients and manage their own businesses. Working with sensitive client information and the handling of significant funds are key enablers in legal and commercial transactions. But they are also a prime target for cyber criminals, competitors, foreign governments, hacktivists and rogue employees.

Business Risks from Cyber Attack

The risks associated with cyber attack are high for any legal services company and potentially for their customers. Losing access to information technology, having funds stolen or suffering a data breach can be financially devastating. It can also lead to a significant loss of reputation and future business in an increasingly competitive legal marketplace.

£11 million of client money stolen from solicitors by cyber criminals in 2016

Hackers Target Law Firms

Hackers use complex and evolving technology to deliver targeted email phishing, viruses and ransomware. Automated attacks can also take a business website down at any time. Traditional firewalls and antivirus software will not protect your business from today’s sophisticated fileless and zero-day cyber attacks.

Who Are the Attackers?

The primary threat to the UK legal sector stems from cyber criminals with a financial motive. However, nation states are likely to play an increasingly significant role at a global level, to gain both a strategic and economic advantage. There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.

Cyber Security Challenges Faced by Lawyers

Email Phishing

Phishing describes a type of social engineering where cyber attackers trick individuals into disclosing confidential information or paying money into a fraudulent scheme. A recent Law Society poll of law firms showed that approximately 80% have reported phishing attempts in the last year. Its combination of low technical effort and high reward makes it a popular and lucrative method for cyber criminals.

Email Modification

The most common type of cyber attack against solicitors is where criminals intercept and falsify email communication between a client and the firm. This often involves the payment of funds into false bank accounts or the theft of confidential information. In the first quarter of 2018, email modification fraud accounted for more than 70% of all cybercrime reports to the Solicitors Regulation Authority.

CEO Fraud

CEO fraud is a specialised type of phishing that targets high net worth individuals or decision makers working at MD, CEO or CFO levels in an organisation. Prior to the attack, the perpetrator acquires detailed information about staff, suppliers, customers and trusted partners. Spoof messages are then sent from these partners to managers with financial authority to ask for the payment of an outstanding invoice.


Malicious software such as viruses, worms, Trojan Horses and ransomware is intentionally designed to cause damage or provide access to an IT system. 2017 was the year of high-profile ransomware attacks reported by the National Health Service, FedEx, and Telefonica. Kaspersky confirmed that the number of ransomware attacks on businesses tripled in the year, jumping from one attack every two minutes in Q1, to one every 40 seconds by Q3.

Bring Your Own Security Risk

Partners and staff in legal firms are increasingly using their own mobile computers and phones for business purposes. Combined with the use of cloud-based applications, these BYOD devices allow users to work at any convenient location. They are, however, often poorly managed and present cyber criminals with many opportunities for exploitation.

Supply Chain Compromise

The National Cyber Security Centre confirms that supply chain cyber attacks in law firms increased by 200% in 2017. The greatest risk comes from third party suppliers failing to adequately secure sensitive data. A law firm’s position in the supply chain can also make it an attractive target. Cyber criminals can observe the process of a transaction and strike when money is about to be transferred.


Effective cyber security measures are required to meet the strict legal requirements of the General Data Protection Regulation (GDPR). Although the May 2018 deadline for compliance with GDPR has now passed, many companies are still struggling to ensure they meet the requirements of Article 30 (Security of Personal Information) and Articles 33/4 (Notification of Data Breach).

Our Expertise

Wizard Cyber is dedicated to helping law firms mitigate the risks associated with malicious or accidental cyber attack. We are a trusted supplier to many UK law firms and deliver 24/7 outsourced cyber security via our flagship range of CYBERSHIELD-MDR services.
