The Solicitors Regulation Authority’s new Risk Outlook report shows that email remains a significant vulnerability for law firms, involved in more than four out of five of all reported cybercrime incidents.
The report outlines new threats as criminals look to exploit new technology. It shows that 83 per cent of cybercrimes reported in 2021 involved email – for instance, through email phishing attacks. Conveyancing has been the most common target for such attacks, but we are now seeing cybercriminals targeting a wider range of practice areas.
The report warns about the changing risks of ransomware. In 2021, the SRA received relatively few – 18 – reports of ransomware attacks. Traditionally ransomware simply encrypted data which meant attacks would not have involved a breach to report. Newer ransomware steals data as well as encrypting it, with criminals likely to pressure targets by threatening to release sensitive information. The SRA are now receiving reports from law firms of this activity.