NCSC — part of GCHQ — yesterday published its latest Cyber Threat to the Legal Sector report to highlight the potential threats to legal firms, from ransomware attacks by criminals to intellectual property theft by state actors.

The report, which updates a previous iteration from 2018, looks to help UK law practices of all sizes and types of law be more resilient to the main methods of attack.

It warns how the widespread adoption of hybrid working, accelerated during the Covid-19 pandemic, has increased the risks online and how sensitive information and the sums of money firms often handle can make them particularly attractive targets to attackers.

The report also contains case studies which emphasise the severe impacts that incidents can have; for example, conveyancing firm Simplify Group was left unable to process house moves for weeks after an attack, which is reported to have cost the company £6.8 million.

Another firm, Tuckers Solicitors LLP, had data relating to 60 court cases stolen and leaked on the dark web after it fell victim to a ransomware attack.

NCSC CEO Lindy Cameron said: “The UK legal sector carries out essential work to uphold our society; however, we know the sensitive data legal firms handle can make them attractive targets to online attackers.

“With the cyber landscape constantly evolving, the NCSC has produced an up-to-date picture of the latest threats facing the sector, alongside advice and guidance designed to ensure the sector can stay secure.

“I urge all legal practices to follow the guidance in this report and take full advantage of the NCSC’s tools that it recommends to help increase their cyber resilience.”

Malcom Cree, CEO of the Bar Council of England and Wales, said: “This new report is both welcome and important. It provides extensive advice, information, and assistance to equip the legal sector with a better understanding of the challenges we all face.

“The report enables us all to reflect on the many challenges and focus on building better cyber security resilience in the legal sector.”

Lubna Shuja, president of the Law Society of England and Wales, said: “It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber threats they face and take steps to safeguard their systems.

“This new report from NCSC is a timely intervention that will be an essential resource for our members, providing information, practical guidance, and tools to help the legal sector protect the sensitive data it holds against cyber attack.”