The State of Cyber Security in the Legal Sector
Insights after analysing 5,000+ UK-based law firms.
Methodology
Believed to be the largest of its kind in the industry, our team of qualified researchers performed a non-intrusive cyber audit on over 5,000 UK-headquartered law firms. The research took place over a four month period between May and August 2024.
Stolen Passwords
We cross-referenced over 5,000 law firm domain names with lists circulating the Dark Web to reveal how many possible login credentials are available to criminals in the sector.
We found a sum total of 1,001,313 stolen password matches for firms in the sector.
It averages out at 195 stolen passwords per firm or 1.27 passwords per employee.
[Chart: The proportion of UK law firms with one or more stolen password(s). Categories: firms with stolen passwords; firms with no stolen passwords.]
[Chart: The proportion of UK law firms with one or more stolen password(s) per employee. Categories: firms with at least one stolen password per employee; firms with less than one stolen password per employee.]
We also found 18% of law firms have two or more stolen passwords per employee, 9.6% have three or more and just over 1% have as many as ten stolen passwords per employee.
DMARC Compliance
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that stops criminals from hijacking a firm’s domain. When enabled, it stops bad actors from sending emails that appear to come from a firm’s domain, a tactic often employed to intercept ongoing cases.
We found that less than half of the sector’s firms have valid policies in place.
[Chart: The proportion of UK law firms that are DMARC compliant. Categories: DMARC compliant; not protected.]
While essentially a simple policy, the process of enabling DMARC can cause disruption when not managed correctly – often meaning it takes time to enable. Therefore, there may be a number of firms working on actively enabling it now. That said, DMARC has been around since 2012.
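The report does not state how it judged a DMARC policy to be "valid". As an added illustration (not the research team's tooling), the check below parses DMARC TXT records and sorts each domain into the enforcing / monitor-only / invalid / no-record buckets a defender would care about; the records are constructed samples, not real firms' DNS data, and the assumption is that only an enforcing policy (p=quarantine or p=reject) counts as protected.

```python
# Constructed sample DMARC TXT records (hypothetical domains, not real firms).
# A real survey would fetch each from the _dmarc.<domain> TXT record via DNS.
SAMPLE_RECORDS = {
    "_dmarc.firm-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@firm-a.example; adkim=s; aspf=s",
    "_dmarc.firm-b.example": "v=DMARC1; p=none; rua=mailto:reports@firm-b.example",
    "_dmarc.firm-c.example": None,                      # no record published at all
    "_dmarc.firm-d.example": "v=DMARC1; p=quarantine; pct=50",
    "_dmarc.firm-e.example": "v=DMARC1 p=reject",       # malformed: missing ';' separator
}


def parse_dmarc(record):
    """Split a DMARC record into its tag=value pairs.

    Returns None when the record is not syntactically usable: the version tag
    must be exactly DMARC1 and a policy (p=) tag must be present.
    """
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def classify(record):
    """Bucket one domain: 'no_record', 'invalid', 'monitor_only' or 'enforcing'."""
    if not record:
        return "no_record"
    tags = parse_dmarc(record)
    if tags is None:
        return "invalid"
    policy = tags["p"].lower()
    if policy in ("quarantine", "reject"):
        return "enforcing"      # receivers act on failures (pct<100 still enforces a sample)
    if policy == "none":
        return "monitor_only"   # reports only; spoofed mail is still delivered
    return "invalid"            # unknown policy value


def survey(records):
    """Count domains per bucket, the way the 'compliant / not protected' split is derived here."""
    counts = {"enforcing": 0, "monitor_only": 0, "invalid": 0, "no_record": 0}
    for rec in records.values():
        counts[classify(rec)] += 1
    return counts
```

Under this assumption a domain publishing p=none is counted as not protected, since receiving servers are told to deliver mail that fails authentication.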
Phishing Protection
Each year, the UK Government produces the Cyber Security Breaches Survey to determine how organisations are attacked by criminals. Each year, phishing comes out on top.
Phishing is an impersonation tactic employed by criminals to intercept ongoing activity or trick innocent victims into doing something they otherwise wouldn’t have done. It is almost always performed via email, which is not something standard ‘spam’ filters are designed to detect. Premium phishing protection add-ons are therefore recommended to significantly reduce risk.
[Chart: The proportion of UK law firms with specialist phishing protection. Categories: adopts phishing protection; unable to validate – potentially at risk.]
Our research was able to determine a definitive cohort of firms that do employ a specialist phishing protection add-on, but was not able to validate whether the remaining firms have no such protection in place. Therefore, our recommendation here is that, if your firm doesn’t have phishing protection, it is in the minority.
Volume of Web Assets
Web assets are essentially a firm’s attack profile – the externally facing systems and services in the public domain that could be exploited. The more of them that exist, the greater the potential threat.
While it is essentially a measure of size, our findings show the volume of assets a firm has correlates little with the overall size of a firm. For example, only 11% of firms employing 5,000 or more were categorised as “High”, with the majority “Low” or “Very Low”.
[Chart: UK law firm cyber attack profile by size. Categories: Large; Medium; Small.]