Predictions for 2023: Cybersecurity in the legal sector

Cybersecurity is a top concern for the legal sector. PWC’s Annual Law Firm Survey released in 2022 revealed that the industry is increasingly worried about cyber risk, especially as it becomes harder to insure against it. In fact, four in every five firms list cyber risk as a significant concern and many are hiring experts and dedicated teams to support the fight against the hacker. 

Fortunately, alongside evolving risk, there are a number of cybersecurity measures those in the legal sector can prioritise to bolster their security posture for 2023. Across the coming year, it’s crucial that proactive rather than reactive security remains front of mind – not only to make insurance more accessible, but also to best protect the legal workforce and their customers from the growing threat from cyber criminals. Below, I’ve listed my top 2023 cybersecurity predictions for law firms and outlined crucial guidance to improve cyber hygiene across the industry. 

Threats will evolve

First, the good news. At least for the beginning of 2023, conveyancing fraud is likely to slow. The price of mortgages is rising and less people are looking to move house in an uncertain economic climate. However, the bad news is that cybercriminals won’t simply accept a lack of successful breach attempts – cybercrime is a business and it’s often the livelihood of threat actors. Instead, they will look for other ways to exploit a vulnerable organisation. 

The insider threat will continue to pose a high risk

By the very nature of the work that lawyers do – primarily over email and involving sensitive data – the legal sector is highly vulnerable to phishing. It’s clear that this form of cybercrime has established itself as one of the most common ways hackers seek to infiltrate many industries. And these malicious emails are only likely to get more sophisticated in 2023. 

Considering 83 per cent of organisations fell victim to a phishing attack last year, the human element of cybersecurity – the ‘insider threat’ – must be considered by law firms. Regular cyber awareness training will help to encourage a ‘security first’ mindset across an entire firm, conducted little and often to ensure the importance of cybersecurity is translated into the day-to-day operations of employees. Additionally, phishing simulations can be an excellent way to improve user awareness of the types of risks their firm is exposed to. However, it’s also important that the results of any training and awareness programmes are analysed, with follow up support provided for staff who are struggling. 

Cyber insurance premiums will rise 

Cyber insurance premiums have risen exponentially over recent years. In the UK, premiums rose by  92 per cent in the final quarter of 2021 and, exacerbated by Russia’s invasion of Ukraine and the prospect of cyber warfare, this trend continued through 2022. It’s likely we’ll see cyber insurance as an issue discussed by boardrooms in 2023 as the market attempts to stabilise.