" "

Amidst the surge in digitalisation, cybercriminals are mobilising on an industrial scale. It is estimated that 20% of businesses and 14% of charities have been the victim of at least one cyber crime in the last 12 months, accounting for approximately 283,000 businesses and 29,000 registered charities.

Hackers have more opportunities than ever at their fingertips, meaning that it is important that law firms are prepared to protect themselves and act quickly should such an incident occur. What’s more, given that law firms have access to valuable transactions and data, the legal sector is a lucrative target.

Taking aim: Why do cybercriminals have law firms in their sights?

Law firms are the linchpins of business and commercial transactions. They enable high value deals, handle significant sums of money and store huge quantities of confidential client data. As a result, they offer an attractive opportunity to cybercriminals looking to either steal these assets or use them to extort the firm.

With hybrid working now common practice and the increased use of processes such as eDiscovery¹ for litigation, more information than ever before can be accessed digitally – leaving firms especially vulnerable to attack.

As a result, there is no room for complacency: preparing your law firm as much as possible in case of a cyber attack will stand you in good stead to handle it effectively.

Understanding the threat: Which kind of attacks are law firms most exposed to?

The most common cyberthreat facing law firms is phishing: the practice of sending emails or messages that manipulate users into revealing sensitive information. In 2024, phishing remained by far the most common type of cyber crime experienced (reported by 93% of businesses and 95% of charities that experienced a cyber crime).

While some examples of phishing or social engineering can be easy to identify – spelling errors, requests for payment via links, incorrect company logos and anonymous or unknown senders all point towards the likelihood of a phishing attempt – techniques have become more advanced. The use of ‘spear phishing’ – a more targeted attempt which uses specific or personal information of interest to the target – means that the cybercriminal’s fraudulent email can be well informed and look indistinguishable from the real thing.

Law firms should also be conscious of other cyberthreats such as ‘man-in-the-middle’ attacks, in which communications (for example, payment instructions) are intercepted and altered to misdirect funds, and SQL injection (the insertion of malicious database commands through the input fields of the target’s application or website). Malware and ransomware also represent risks to the legal sector, especially since the latter is designed to block access to vital systems and services, such as client databases and sensitive documents. Whilst the prevalence of cyber crime overall remained static, the prevalence of ransomware among businesses increased significantly between 2024 and 2025. The estimated percentage of all businesses that experienced a ransomware crime in the last 12 months increased from less than 0.5% in 2024 to 1% in 2025, which equates to an estimated 19,000 businesses in 2025.

Effective cybersecurity requires everyone in an organisation to understand the risks and take active steps to mitigate them.

Assessing the damage: What are the financial risks to law firms?

When a cybercriminal strikes, the cost – both financially and in terms of resources – can extend far beyond the attack itself. Directly, there is the cost of the attack, which could come either in the form of the funds stolen from the firm, or in the money (often demanded in cryptocurrency) extorted by the cybercriminals.

However, there is also the aftermath to consider, in terms of the cost of complying with UK GDPR regulations. In the event of an attack that leads to a data breach, the firm must inform the ICO within 72 hours and notify any affected individual of the loss of their data, which can be expensive both in terms of time and the required expertise.

On another level, there are also the costs incurred as a result of the disruption caused, particularly in the event of a ransomware attack, during which files are encrypted and systems rendered useless until they are restored.

The financial repercussions of a cyberattack can also occur on a long-term basis in the form of reputational damages. The loss of clients’ trust can significantly impact a business such as a law firm, whose core proposition is dependent on reliability, responsibility and security.

In some cases, it may be necessary to commence ransom negotiations, but it is important to note that even if companies pay the ransom, the attackers might employ Triple Ransom Extortion, in which they ask the firm to pay again and threaten them with the prospect of uploading the data on a website such as WikiLeaks. They might even then be asked to pay the ransom a third time, or else the data will be released to the media. Any recovered data needs to be forensically cleansed and can’t simply be restored.

Before paying the ransom, the affected law firm should also work with experts to verify that the attackers aren’t representing a terrorist organisation. The National Cyber Security Centre offers more advice and guidance on this topic.

Building the shield: How to develop a cyberdefence strategy

Just as you’d use a number of different security measures to keep your physical premises safe – from multiple locks to alarms and security cameras – the same should be true when it comes to defending your business online.

Here are seven tips to ensure that your firm is prepared in the event of an attack:

  1. Plan for action: Develop a cyberattack incident management strategy. Identify the company’s critical information, assets and services and understand where they are stored. Select key individuals who will take charge if an incident occurs, which actions should take place to manage the event and note the details of IT vendors and cyber liability insurance policies.
  2. Go offline: Keep a hard copy of the strategy so that if the firm’s system is locked as a result of a ransomware attack, the information is still accessible.
  3. Vulnerability awareness: Find out what makes your business or organisation vulnerable and how to protect it from cyber threats. This article in collaboration with Norton offers cybersecurity guidance and resolutions. For a more comprehensive view, we strongly recommend that you consider becoming certified through the government’s Cyber Essentials scheme.
  4. Knowledge is power: Mitigate the risk of human error by training all colleagues on topics including how to spot phishing emails (through tests or simulations), how to set up secure passwords and how to safeguard client data, as well as the processes to be followed when transferring sums of money.
  5. Duplicate and defend: Back up all files regularly to offline storage (not connected to your network) to minimise disruption and loss in the event of a data breach or ransomware attack.
  6. Gain peace of mind: Given that 29% of UK businesses experienced a cyberattack at least once a week during 2024, law firms cannot afford to be unprepared. In collaboration with Norton, Lloyds have a special offer for small business customers for simple, affordable and essential cybersecurity from Norton Small Business.
  7. Maintain operations: If unprepared, the financial ramifications of a cyberattack can choke a business’s cash flow, leaving the business itself in jeopardy. Lloyds offer working capital solutions to ensure that your firm can still operate if cybercriminals strike. All lending is subject to a satisfactory credit assessment.

Where to go from here:

In addition to the above, consider the following questions:

  • Could your business or organisation be at risk of a cyber attack?
  • Where does it all go wrong?
  • What steps can you take to protect your business or organisation?

As digital transformation surges, cyberattacks on businesses – especially in the legal sector – have become inevitable. Lloyds is here to support you as you develop your cybersecurity strategy, so speak to your Relationship Manager for more information on how we can play a role in defending your firm.

1 eDiscovery is a process that enables solicitors to identify and supply digital information that can be used as evidence.

2 Lloyds is an introducer to Arthur J. Gallagher Insurance Brokers Limited who arrange and administer Lloyds Business Insurance Services and source products from a panel of insurers.