INTELLIGENT

SECURITY

Based on analysis of the latest data from the Information Commissioner ’ s Office covering Q3 2022 – Q2 2023 , more than half ( 60 %) of identified data breaches in the UK legal sector were caused by insiders . By comparison , 40 % of data breaches came from outside threats , such as external malicious actors .

The findings show that , combined , data from legal firms relating to 4.2 million people was compromised – amounting to 6 % of the UK population . Almost half of the cases ( 49 %) impacted customers and 13 % impacted employees . Basic personal information ( 49 %), economic and financial data ( 13 %), health data ( 10 %), and official documents ( 10 %) were the main types of data breached in the legal sector .

“ Law firms and legal institutions handle vast amounts of sensitive and confidential information , which puts them at increased risk of cyberattacks ,” said David Hansen , VP , Compliance at NetDocuments . “ But it ’ s not just external threats like ransomware that law firms need to watch out for . Law firms must be vigilant to insider data breaches – whether intentional or accidental . This requires robust cybersecurity measures to govern access to documents , without hampering staff productivity .”

The analysis of the ICO data highlights the common causes of data breaches in the legal sector :

• 37 % occurred from sharing data with the wrong person ( i . e ., via email , post , or verbally )

• 27 % occurred from phishing and ransomware attacks

• 12 % occurred from losing data ( i . e . loss / theft of a device containing personal data , or of paperwork or data left in an insecure location )

• 39 % occurred from human error ( i . e . verbal disclosure ; failure to redact or use bcc ; alteration of data ; hardware

More than half ( 60 %) of identified data breaches in the UK legal sector were caused by insiders .

misconfiguration ; documents emailed or posted to the wrong recipient )

• The findings underline the need for law firms to prioritise addressing threats from within , ensuring that only people with authorisation have access to certain documents and files

“ For law firms , guarding against insider threats is not just a matter of protecting data ; it ’ s a commitment to safeguarding client and employee confidentiality ,” Hansen continued . “ Data Loss Prevention must be an essential part of cybersecurity strategies . Taking this proactive approach can help law firms fortify their defences and prevent exfiltration and the unauthorised or inappropriate use of data .”

WWW . INTELLIGENTCISO . COM 61