Predictions for 2023: Cybersecurity in the legal sector
Lawrence Perret-Hall reviews firms’ information security in 2023
Cybersecurity is a top concern for the legal sector. PwC’s Annual Law Firm Survey released in 2022 revealed that the industry is increasingly worried about cyber risk, especially as it becomes harder to insure against it. In fact, four in every five firms list cyber risk as a significant concern and many are hiring experts and dedicated teams to support the fight against the hacker.
Fortunately, alongside evolving risk, there are a number of cybersecurity measures those in the legal sector can prioritise to bolster their security posture for 2023. Across the coming year, it’s crucial that proactive rather than reactive security remains front of mind – not only to make insurance more accessible, but also to best protect the legal workforce and their customers from the growing threat from cyber criminals. Below, I’ve listed my top 2023 cybersecurity predictions for law firms and outlined crucial guidance to improve cyber hygiene across the industry.
Threats will evolve
First, the good news. At least for the beginning of 2023, conveyancing fraud is likely to slow. The price of mortgages is rising and fewer people are looking to move house in an uncertain economic climate. However, the bad news is that cybercriminals won’t simply accept a lack of successful breach attempts – cybercrime is a business and it’s often the livelihood of threat actors. Instead, they will look for other ways to exploit a vulnerable organisation.
The insider threat will continue to pose a high risk
By the very nature of the work that lawyers do – primarily over email and involving sensitive data – the legal sector is highly vulnerable to phishing. It’s clear that this form of cybercrime has established itself as one of the most common ways hackers seek to infiltrate many industries. And these malicious emails are only likely to get more sophisticated in 2023.
Considering 83 per cent of organisations fell victim to a phishing attack last year, the human element of cybersecurity – the ‘insider threat’ – must be considered by law firms. Regular cyber awareness training, conducted little and often, will help to encourage a ‘security first’ mindset across an entire firm and ensure the importance of cybersecurity is translated into the day-to-day operations of employees. Additionally, phishing simulations can be an excellent way to improve user awareness of the types of risks their firm is exposed to. However, it’s also important that the results of any training and awareness programmes are analysed, with follow-up support provided for staff who are struggling.
Cyber insurance premiums will rise
Cyber insurance premiums have risen exponentially over recent years. In the UK, premiums rose by 92 per cent in the final quarter of 2021 and, exacerbated by Russia’s invasion of Ukraine and the prospect of cyber warfare, this trend continued through 2022. It’s likely we’ll see cyber insurance as an issue discussed by boardrooms in 2023 as the market attempts to stabilise.
For the legal sector, there’s opportunity for greater collaboration with security experts and cyber insurers to support this market stabilisation. This can incorporate more platforms for sharing knowledge or creating opportunities to advise and guide vulnerable organisations. However, this collaboration needs to start earlier. Currently, cybersecurity is too reactive; security experts, insurers and cyber lawyers are often on hand as soon as a breach occurs, but there is far less engagement before this event. This will need to change in 2023 if we’re to get ahead of threat actors.
Law firms will turn to external security experts
For smaller firms with fewer IT and security staff, hiring a dedicated team of cyber experts to deliver regular staff awareness training, conduct phishing simulations and implement new processes and procedures to improve cyber hygiene may not be realistic. Many simply don’t have the resource or budget for this. Thus, it’s becoming increasingly necessary to work with a trusted security partner to bolster cyber resilience and ensure a return on cyber investment. In a year of intense budget scrutiny, working with security partners that can help to protect the highly sensitive data that legal firms hold will be crucial.
Lawrence Perret-Hall is director at CYFOR Secure: cyforsecure.co.uk