top of page

A new report reveals 75% of legal firms surveyed lost £4m of clients’ money to cyber-attacks

Picture this, you are working to help a client complete on their new home and the final step that is outstanding is for the mortgage provider to release the funds. The provider informs you the money is on its way, but it does not arrive, instead a cybercriminal has intercepted, and they now have a very healthy bank account.

Legal firms by their very nature handle financial transactions involving large amounts of money and sending and receive bundles of sensitive client information.

To handle this data, legal firms rely on digital technology and systems to carry out everyday tasks including online bank transfers, automated identity checks or simple emails from the firm to their clients.

A report by the Solicitors Regulation Authority revealed that 75% of the firms included in the report had been the target of a cyber-attack. Frighteningly, in the remaining cases the firms reported that cyber criminals had directly targeted their clients during a legal transaction.

The report also went on to reveal that 23 of the 30 cases in which firms were directly targeted saw a total of more than £4m of client money stolen. While £3.6m of this was ultimately claimed against insurance policies, a further £400,000 had to be repaid directly from firms’ own money. These figures do not take account of the wider cost of such incidents to firms, for example higher insurance premiums, lost time, and damage to client relationships.

The financial impact of a loss of data is more difficult to calculate, but we found these often resulted in indirect financial costs. For example, one firm lost around £150,000 worth of billable hours following an attack which crippled their system.

Firms also reported that attacks were not isolated incidents. Two of the larger firms we visited reported that they were targeted hundreds of times a year, although the vast majority of these attacks were not successful.

Cyber security is an issue for any process which is wholly or partially reliant on technology,

including those facilitated online, via email or through the use of any computer or device.

Twenty-three firms had informed law enforcement following their last cybercrime incident.

These included incidents where:

  • a client transferred £70K to a fraudster

  • a further £70K transfer was made to a fraudster in an unrelated incident by another client

  • a solicitor transferred £340K to a fraudster.

How can the WMCRC help businesses within the legal, financial and property sector?

To help businesses in the legal and financial sectors to outsmart cyber criminals and toughen up their cyber security, the Cyber Resilience Centre for the West Midlands, has been established to provide businesses from all sectors and of all sizes with an affordable way to access cyber security services designed to help improve cyber resilience.

We offer a free core membership to businesses in the West Mids, becoming a member will enable you to receive a welcome pack full of practical resources and tools, designed to help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.

The WMCRC works with a network of official Cyber Essentials providers, these are our Trusted Partners. Our Trusted Partners help local businesses achieve the Cyber Essentials and Cyber Essentials Plus Certification.

It is understood that a busy solicitor’s office has little time for combing through complicated jargon, Cyber Essentials provides that first step in demonstrating cyber security. A Cyber Essentials certification covers the basic technical controls that will help prevent the most common, commodity attacks. Cyber Essentials is a great place to start for the legal sector, the certification is broken in 5 control areas:

  • Access Control which looks at how businesses can ensure that employees have the correct access levels for their roles and how access permissions should be monitored and checked regularly.

  • Secure Configuration looks at how businesses implement security measures when setting up or installing new computers and network devices, in order to reduce unnecessary cyber vulnerabilities.

  • Software Updates are essential for effective cyber security. This control area looks at how cyber criminals can exploit vulnerabilities that are exposed by out-of-date software. When a new update is released, attackers will quickly identify the underlying vulnerability in the application and release malware to exploit it.

  • Malware Protection looks at how businesses can help spot the signs of malicious activity and keep themselves out of the paths of cyber criminals.

  • Firewall and Routers looks at how a firewall provides a defence barrier between your network and the internet and how this is key in protecting your devices.

Click on these links to learn more how we can work with you and our Trusted Partners and the Cyber Essentials Scheme.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page