According to a recent study by OnDMARC, just one organisation out of the top 100 law firms in the UK has “sufficient measures in place to fully protect against email fraud”.
With an economic value of £25.7 billion to the UK economy and as a net exporter up 5.6% in real terms over 10 years (valued at £3.6 billion), the robust defense and protection of the UK’s law firms’ cyber presence is critical to law firms individually and collectively, to clients trust in the legal sector, to the economy and ‘to the very fabric of our society’. The SRA’s Risk Outlook report 2016/17 makes references to the increased instance of cyber crime acknowledging that it continues to be a significant concern for law firms. Moreover, the Risk Outlook report stated that a ‘quarter of law firms have been targeted by cyber criminals’, while it was also suggested that the ‘true figure is likely to be higher’ as a result of under-reporting or the absence of detection, citing a report filed in 2015 by the Office of National Statistics (ONS). The contention that cyber crime is under-reported is echoed by IBM’s CEO who commented that ‘a significant portion of cyber crime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot.
Given the innumerable types of cyber crimes that affect firms generally, it is unsurprising that the SRA Risk Outlook Report 13 referenced CEO fraud & Friday afternoon fraud. These represent a significant problem for businesses in terms of cash and data theft and the reputational damage which follows as a result when those systems are breached.