Irish law firms experience near 50pc increase in cyber attacks
Published 21/11/2016 | 09:16
There has been a near 50pc increase in the number of cyber attacks reported by Irish law firms in the past year, according to research published today.
Three firms out of every ten have been subject to a cyber attack in the past 12 months, while 38pc of the country’s top 20 firms have been the target of an attack.
However, the scale of the problem may be even worse as it is thought many attacks go unreported.
The data was drawn from a survey of 107 practices in September and October, conducted by Amárach Research for an annual survey of law firms published by accountancy and consulting firm Smith & Williamson.
The names of the firms who took part in the research have not been disclosed, but researches said they included 13 of the top 20 firms in the country, 17 mid-tier firms and 77 small firms.
Over half of the security breaches reported were caused by malware, while 35pc involved ransomware, where hackers block access to computer systems until a sum of money is paid.
The report said cybercrime was on the rise and one of the biggest emerging threats facing the legal profession.
It described cybercrime as “a clear and present threat to legal practices in Ireland”, warning attacks will occur more frequently.
While data on losses by Irish firms has not been disclosed, the report said British professional indemnity insurer QBE had reported around Stg£85m (€99m) was stolen from client accounts in the previous 18 months in the UK.
Four out of ten Irish firms who were subjected to a cyber attack suffered “down time” as a result.
Smaller firms appeared to be more vulnerable to a attacks than larger ones.
Among the top 20 firms, they reported that despite being more likely to be attacked, they had invested in cyber security to the extent where to date such attacks were having little or no impact on their operations.
The Smith & Williamson report said firms needed to be cognisant of the risks of having lax security controls or untrained staff.
It said analysing risks requires a review of outsourcings and contractors as well as evaluating the benefits of a cyber insurance policy.
“Law firms present a particularly attractive target for cyber criminals. Firms hold sensitive and potentially valuable data about individuals and corporates and may have significant client account balances on hand,” the report said.
“Losing client data or funds or having sensitive and confidential information exposed may be the most frightening outcome for a law firm resulting from a cyber attack.
“Earlier this year it was reported that law firms were the targets of espionage by hackers who tried to obtain merger and acquisition details in order to facilitate insider trading.
“Firms acting in this area are likely to remain at risk from both cybercriminals and nation state attacks.”