The UK’s National Cyber Security Centre (NCSC) has released updated guidance to help law firms mitigate the latest cyber threats.

PwC claimed last year that the top 100 law firms spent an average of 0.46% of fee income on cybersecurity in 2022.

Law firms are a popular target for attack for several reasons. Lawyers typically handle highly sensitive information for their clients, some of which could be used for insider trading or for gaining the upper hand in negotiations and litigation, the NCSC warned.

Law firms also handle significant volumes of funds for their clients, and disruption due to ransomware can be costly. Smaller firms may also use external IT service providers.

Among the main threats to the sector highlighted by the report are:


  • Phishing emails designed to steal credentials or install malware
  • Ransomware and other malware that could disrupt operations and steal sensitive information
  • Password attacks, which typically take advantage of poor security practices


This is a good time to review advice and guidance related to phishing and ransomware, which remain the most prevalent ways in which organisations find themselves compromised.

The NCSC ransomware guidance has been brought together in one location. It explains what malware and ransomware are, which preventative actions to take, and what steps to take if your organisation is already infected, and it links to further advice.

Similarly, the NCSC has a single place to find guidance for organisations on how to defend against phishing attacks. This guidance covers what phishing is and the defences and mitigations to put in place to protect your organisation.


NCSC board toolkit

The NCSC continues to call upon organisations to bolster their online defences and its board toolkit is a useful resource to aid discussions.

The toolkit covers a range of cybersecurity topics, starting with an introduction to cyber security, and includes nine modules, each one filled with straightforward guidance and helpful questions that organisations can ask their technical teams.

The toolkit is designed to guide organisations through cyber security, no matter what their starting point. It can be seen as guidance to support organisations in getting up to speed on a topic they might not be familiar with.

The toolkit introduces key cyber security topics and explains why these are important to every organisation. Think of it less as a manual to be read cover to cover and more as a resource to help you develop your own cybersecurity board strategy – one that can adapt to fit your own unique culture and business priorities.


NCSC stats for cyber threats

Board-level engagement with cybersecurity is relatively low, with only 50% of businesses and 40% of charities having one or more board members with oversight of cybersecurity risks.

If your organisation is connected to the internet then it is exposed to cyber risk, and regulations such as GDPR make it clear that cyber security is not the responsibility of an individual but of the whole organisation.

The majority of cyber-attacks are opportunistic and untargeted, with the perpetrator seeking to take advantage of a vulnerability in a system without being particularly interested in whose system it is.

Since April 2020, members of the public have reported over 10.5 million suspicious emails to the NCSC, resulting in the take-down of 76,000 online scams. This is in addition to a 161% increase in unauthorised access to personal information offences – including hacking – last year.



In conclusion, the recent statistics that the NCSC has shared should be taken as a reminder of why everyone, whether an individual, a business or an organisation, should invest time, effort and money in their cyber security.

This is because anyone can fall victim to the many cyber threats online. As the saying goes, “you can’t fight what you can’t see”. This applies to phishing especially.

Because of this, we strongly suggest you consider cyber security training or a governmental scheme for your business, such as Cyber Essentials.
