Get in Touch
Legal Sector: Understanding the hidden costs of a ransomware attack
A ransomware attack is one of any law firm’s greatest fears, but the ransom demanded is just the tip of the iceberg when it comes to the total financial cost of the incident. What can be done to minimise the risks?
Published: 10th November 2022 | In: Insights
For law firms, reputation is everything. The most successful have taken decades to grow their reputation. But, as everyone in the industry knows, reputation is fragile and can be lost almost overnight if their clients’ data is lost or stolen.
That’s why preventing data theft should be one of the top priorities for any discerning legal firm today. Surprisingly, given the wealth of confidential data they are responsible for safeguarding, many haven’t yet taken all the necessary steps to achieve tighter security.
Risks have increased in the past few years as financially motivated cybercriminals have become more advanced and double extortion and Ransomware-as-a-Service (RaaS) have emerged as tactics. As notable groups have rung up a string of successes infiltrating different types of businesses – some of which have been well publicised and some swept under the carpet and kept quiet – they’ve gained confidence and become greedier. As a result, ransomware demands have risen steadily year-on-year. So too has the price of cyber insurance, which is no longer simple to purchase because insurers have themselves raised their list of demands from organisations wishing to buy it.
If a legal firm is held to ransom, the fee demanded might just be the tip of the financial iceberg. What would clients think if a law firm lost sensitive data that was then published on the dark web or sold to a competitor? There’s little chance of the client returning with more business, but a high chance of them suing the firm. And there’s a very high likelihood that the firm’s brand reputation would soon be in tatters. Even in cases when a ransom is paid, some cybercriminals go back on their ‘promise’ to release data without copying and selling it. And it’s well known that, even after a ransom has been met, threat actors can dwell inside IT networks waiting for the chance to strike again.
Hidden costs of a ransomware attack
Just running through potential costs and loss of income is enough to check what cyber security is in place and how to strengthen it. This can include:
- Business disruption due to any IT systems being out of action
- Getting technology up and running again (which could take days or weeks)
- Ransomware fee – if paid
- Loss of lawyers’ billable time to clients
- Defending lawsuits from clients
- Loss of clients
- Financial penalties from industry regulators
- Recruiting new personnel in the event of lawyers or other employees leaving due to any or all of the above.
It soon becomes clear that there’s much more to lose than just data and there’s a lot more to pay than just the ransom fee, which itself could be quite extortionate, depending on the quantity and quality of the stolen data. In fact, according to cyber news website Bleeping Computer, the ransom fee is only 15% of the total cost of the ransomware attack. And Microsoft Security’s research claims that a ransomware attack occurs somewhere in the world every 3 hours and 15 minutes.
A case in point
Industry regulators, such as the Information Commissioner’s Office (ICO), take data security very seriously. In one recent case they fined English law firm Tuckers £98,000 for failing to take the necessary steps to secure their clients’ information. After cybercriminals broke into their networks and compromised almost 25,000 court bundles, some of which contained medical files and witness statements, they shared 60 files on the dark web. The ICO stated that Tuckers should have improved their security to the same standards as the NCSC Cyber Essentials, but failed to do so.
Despite the latest ransomware facts and figures pointing to an ever-more hostile digital environment, the truth is that organisations that prepare properly can greatly reduce the chances of being compromised. Breaches can be avoided by partnering with a cyber security company that knows exactly how to minimise risks in the first place.
Help is at hand
With experience helping over 150 organisations of any size prevent or respond to cyber incidents, Quorum Cyber has a range of services to defend your firm from known, emerging and unknown cyber threats. And if you’re unlucky enough to be breached then help is at hand. Our Incident Response team is ready to leap into action any time of the day or night. They have a proven track record of responding to a myriad of urgent and complex incidents for customers using any blend of technology tools and platforms.
While recovering from a breach, we can place you under the protection of our Security Operations Centre (SOC) to move you to a safer position and prevent further attacks. This will give your team a much-needed rest during what’s a stressful and tiring time, and give you some peace of mind that a second cyber-attack won’t make the situation worse.
Prevention is always better than a cure, of course. This is why we highly recommend our Microsoft Sentinel Security Operations Centre and Managed Detection & Response (SOC & MDR) service, which already safeguards many organisations around the world, around the clock. Operated by experts equipped with Microsoft’s market-leading security technologies, they monitor your whole environment, detect any potential threats and respond rapidly.
With our new premium service, Managed XDR, we provide comprehensive security across your entire IT estate, combining the strengths of Microsoft’s two families of Defenders – Microsoft 365 Defender and Microsoft Defender for Cloud – plus Microsoft Sentinel into one single service. Our qualified team of professionals will protect absolutely everything in your ecosystem, from Operational Technology (OT) to the Internet of Things (IoT), to email, identities, databases, networks, firewalls, virtual machines and all cloud-based services including from Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. Managed XDR includes the SOC & MDR service as standard.
Reduce your risk and protect your reputation
Whatever your firm’s risk appetite and wherever it is on its security journey, we can help you significantly reduce the chances of being compromised.
Explore more of the cyber security challenges facing the legal sector today and how Quorum Cyber can help you to overcome them on the dedicated legal sector page of our website.