Cyber Risk is the Biggest Risk for Law Firms in 2024

Cybercriminals are continuously attempting to steal the confidential corporate and personal data that law firms are responsible for safeguarding. Law firms of all sizes, barristers’ chambers, and legal professional bodies face a constant onslaught of cyber-attacks, including ransomware and phishing attempts, from financially motivated criminals seeking to acquire and sell this data.

In day-to-day business, legal firms have a number of risks to contend with, but it’s only in the last few years that cyber security has become hugely significant. Cybercrime is now a massive global economy, estimated to be valued at $10.5 trillion by 2025. If it was a country, it would have the third-largest economy in the world.

According to a PWC survey of the top 100 law firms, cyber risk is the biggest risk they face in 2024. Of the firms questioned, 90% stated that they were extremely or somewhat concerned about cyber incidents preventing them from achieving their business objectives.

Demonstrating how much legal firms now think about cyber security, only 58% of respondents stated the second biggest concern, macroeconomic volatility – a long way behind cyber risk.

The report reveals that the top 25 firms increased spending on cyber security over the last year. The top 10 raised this by 21% while the firms in 11th to 25th places hiked up investment by 43%. However, simply buying more cyber security tools isn’t a guaranteed way to minimise the risk of succumbing to a cyber-attack. Businesses need to know how to set up, configure and manage the tools as threats continually change over time.

Regarding priorities for business support over the next twelve months, the law firms put ‘reduce cyber risk’ in the top five. This is no surprise when successful cyber-attacks often result in encryption or loss of data, financial losses, reputational damage, industry penalties and legal repercussions.

The advent of AI in cybercrime

To make matters more unpredictable, cybercriminals are starting to use artificial intelligence (AI) and generative AI (GenAI) in their offensive campaigns. Cyber security analysts believe that criminal groups are investing time and money into crafting more sophisticated attacks including deepfake technology to mimic business leaders, decision makers, and other people in positions of authority to trick others into disclosing confidential information or to transfer money.

As new trends in cybercriminal activity unfold, cyber security salaries continue to rise because of the shortage of experienced professionals. Many law firms don’t have the budget, know-how or inclination to build an in-house cyber security team and recruit, train, and retain the talent they need in an ever-evolving field outside of their core business.

At Quorum Cyber, we believe that it’s vital to adopt a strong cyber security culture. Cyber risk isn’t a technology risk, it’s a business risk, and so every law firm should mitigate this risk by leading from the top. Managing partners and risk committees must address cyber risks by instilling cyber governance and ensuring employees understand it. And it’s important to train employees so they can spot the signs of phishing emails or criminal activity and adhere to the firm’s cyber security policies.

We understand that while we work to strengthen our customers’ cyber security, wherever they are on their journey, we also work closely with law firms to ensure they have excellent cyber resilience so that they can bounce back from any cyber incidents.