<img alt="" src="https://secure.refl3alea.com/149779.png" style="display:none;">
LEGAL IT BLOG

Recommended Blogs

  • October is Cybersecurity Awareness Month

    October marks Cyber Security Awareness Month, an annual reminder for businesses and individuals that cyber security ...

    Read More
  • Legal cloud technology – how it aids efficiency and productivity

    Not all clouds are created equal, however. The two main choices of cloud technologies are the public, private and ...

    Read More
  • Everyday cyber security social engineering risks – and what you can do to protect yourself

      As each year goes by, the electronic defences against cyberattacks get better and better.  

    Read More
  • Sprout Sessions - OnDMARC - How to prevent phishing

      Phishing is the most significant cyber threat to the UK Legal Sector.  

    Read More
  • 8 ways to work remotely and securely for the legal sector

    The personal, private, and commercially sensitive information stored on legal firms’ internal and external networks is ...

    Read More
UK business cybersecurity – in numbers
BY Nathan Killick

First the good news – according to the Department for Digital, Culture, Media & Sport, the number of cyber attacks on British businesses fell from 72% reporting a breach or attack in the first six months of 2018 to 60% for medium sized firms and 61% for larger firms in the first six months of this year.

 

 

70% of the directors of these firms told the Department that “cyber security is a high priority” and that nearly six in ten business leaders receive reports from their staff every month on cyber security issues.

 

But the bad news is that the number of firms in the UK offering cybersecurity training to their staff has fallen and only 23% of medium-sized firms and 40% of larger firms are making progress on the government’s “10 steps to cybersecurity” program.

 

In some boardrooms, there is both a real awareness of the dangers posed by cyberattacks coupled with a  complacency over continual improvement over cybersecurity. Why is this? In this article, Sprout IT examines the latest statistics on how businesses are keeping critical client personal and professional data safe.

 

shutterstock_549680125 (1)

 

UK firms “facing paralysis as cyber criminals become more advanced”

 

In a survey of 2,200 non-IT decision makers across 20 countries conducted by NTT Security, progress towards corporate cyber security improvement is “failing” despite the increase in sophistication of the types of cyberattacks regularly launched against companies by criminals.

 

The reasons for this identified failure were given in the report as:

 

  • lack of security budget
  • skills shortages
  • confusion over who is responsible for what (44% believe that cybersecurity is the responsibility of the IT department rather than that of the wider business)
  • knowledge over what constitutes compliance is low
  • ineffective cyber security policies and an inability to develop them internally

 

One third of UK respondents told NTT Security that they would rather pay a ransom to a hacker than invest more in cybersecurity because they perceived that the cost of paying the ransom would be less. Around the same number would pay a ransom rather than be subject to a fine by the ICO for non-compliance with GDPR and other regulations surrounding personal data. This is despite NTT Security’s estimate that the cost of recovery from a cyber breach is around $1.2m.

 

Although most companies are encouragingly still making progress, there is a self-stated worrying lack of both leadership and budget within a significant proportion of these larger firms. The longer this situation persists, the more likely it is that hacking technology and techniques will advance even further leaving these firms even more vulnerable than they are now.

 

The numbers

 

In the Department for Digital, Culture, Media & Sport survey, respondents for SMEs reported that:

 

  • 80% of those affected had been subject to a phishing attack
  • 28% were subject to others impersonating an organisation in emails or online
  • 27% had to manage viruses, spyware or malware, including ransomware attacks
  • 32% of businesses recording breaches or attacks said that it resulted in a negative outcome including the loss of data or assets
  • two thirds of business do not have a board member or trustee with specific responsibility for cyber security
  • four fifths of businesses do not require their suppliers to adhere to any cyber security standards
  • 84% of business do not have formal cyber security incident management processes in place

 

The legal sector and cybersecurity in 2019

 

Using various different measurements, legal firms within the UK are actually as well prepared as most other medium-sized to large companies – arguably slightly ahead, in fact. For an industry with a reputation of moving slowly to adopt new technology, solicitors and barristers have provided real leadership to the wider business community.

 

That said, 8% of the data breaches reported to the ICO between July and September 2018 were security incidents involving law firms (source: ICO). Only 14% of firms’ senior management teams have participated in crisis management training in the previous 12 months (source: PwC).

 

Achieving cybersecurity within any legal firm is not an action that leaders should take once and never follow up on again.

 

Cybersecurity requires ongoing vigilance and leadership from the very top of any practice or chambers – leaders and senior managers should always ensure that it is considered in everything the firm does. Cybersecurity should be a cultural norm within any organisation which handles sensitive information on its clients, whether those clients are in a personal or professional capacity.

 

There is a skills shortage in the UK affecting companies wanting to protect themselves against cyberattack. There have been recent warnings that this skill shortage will get worse before it gets better (source: IFSEC Global).

 

Companies affected by this should look to combine the best of their existing internal IT resources with the best outsourced service on offer to provide a reliable and dependable ongoing solutions as the number and sophistication of attacks looks set to increase, despite the temporary fall in number so far during 2019.

 

To speak with one of our team about ensuring that all your client data is safe and securely encrypted, please call Sprout IT today on 020 7036 8530 or email us

 

CTA - Legal Cyber Threat Guide-901037-edited

Cyber Security cyber threat cyber resilience cyber security technology