Professional services companies, particularly law firms, are sitting on a veritable treasure trove of confidential information. This vast repository of sensitive commercial and personal data has become an irresistible target for cybercriminals driven by financial gain. Another serious risk to businesses in these sectors is insider theft. Employees with the right access occasionally copy sensitive data to take with them when they move to a new job, or steal it for financial gain.

Research conducted by Quorum Cyber’s Threat Intelligence (TI) team has identified a 400% surge in tracked threat actors globally. These actors range from well-funded nation-state entities and organised cybercriminal gangs to hacktivist groups, all posing a threat to the sector. However, some of these threats are more pressing than others. Our Global Cyber Risk Outlook Report 2025 highlights the specific groups and nation-states that businesses should prioritise when looking to strengthen their cyber security.

In a revealing Global Cyber Risk Outlook Report 2025 webinar, James Allman-Talbot, Quorum Cyber’s Head of Incident Response and Threat Intelligence, emphasised the importance of knowing cybercriminals’ capabilities and targets. “Understanding this will help us protect ourselves as a community,” he said.

Although distinguishing one criminal group from another can be challenging due to their constantly evolving tactics, techniques, and procedures (TTPs), our threat intelligence (TI) team recognises that adversaries are adopting new technologies similarly to how organisations and cyber defenders do. Some criminal groups are becoming more sophisticated in their use of artificial intelligence (AI), but current evidence suggests this is still in its early stages.

During the webinar, Jack Alexander, Quorum Cyber’s Senior Threat Intelligence Consultant, shed light on the evolving landscape of cyber threats. He highlighted how threat actors are harnessing the power of artificial intelligence, particularly large language models (LLMs), to conduct research on their targets and craft more convincing phishing and spear phishing emails. The report provides detailed insights into the types of groups targeting the professional services sector and the nations from which these groups originate.

Nation-state threats

In the report, our TI team assesses the risks posed by different nation-states and adversaries. It deems cybercriminals to be a severe threat to professional services and legal firms. China is a substantial threat, while Russia, Iran, and hacktivist groups are seen as moderate threats. While not to be taken lightly, our analysts believe that the threat posed by North Korea is currently assessed as a lower-level threat compared to other actors.

Professional services cybercrime threats

Ransomware operations are expected to continue posing a significant risk to legal and professional service firms. This is due to the substantial amount of highly confidential and commercially sensitive data, as well as personally identifiable information (PII), that can be extracted from accountancy, consultancy, and advisory companies and used for extortion. Furthermore, there is a realistic possibility that ‘hack-for-hire’ services provided by private sector offensive actors (PSOAs) will be sought after to exfiltrate data that could be used in ongoing legal disputes.

Chinese intellectual property theft

Given the ‘Made in China 2025’ initiative, which aims to acquire intellectual property (IP) to boost Chinese high-tech companies in global markets, Beijing’s hackers are likely to prioritise IP theft targeting law firms involved in IP rights litigation.

Supply chain targeting threat

Professional services firms’ complex ecosystems, involving numerous vendors and partners, create multiple entry points  for highly sophisticated threat groups from both criminal organisations and nation-states. Attackers often exploit the weakest link in this chain, targeting smaller suppliers with less robust security measures to gain access to larger organisations.

Consequently, there is a realistic possibility that these groups will target legal firms throughout 2025 to compromise the supply chains of their clients. Such compromises often occur when threat groups hijack patching cycles to covertly install malware on victim networks.

Hacktivist disruption

If escalations in Ukraine and the Middle East persist, there is a realistic possibility that Russian and Palestinian hacktivists will periodically target the Western legal sector with distributed denial-of-service (DDoS) attacks and web defacement. These actions would be in retaliation against high-profile law firms seeking to enforce international jurisdiction against Russian and Iranian officials.

Summary of key findings

The report’s findings underline the importance of vigilance and proactive security measures for professional services and legal firms as they navigate 2025, where such measures will be crucial to protect against increasingly sophisticated cyber-attacks.

Learn more about the threats facing your company today

In a short video, Quorum Cyber’s Chief Threat Officer Paul Caiazzo sums up what you’ll learn in the new Global Cyber Risk Outlook Report. The full report contains detailed findings about cyber threats ranging from hacktivism, geopolitics, organised cybercrime and attack vectors.