Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC urges legal firms to strengthen their cyber defences

Security

NCSC urges legal firms to strengthen their cyber defences

Legal firms have today been issued with the latest guidance and steps to take to combat the evolving cyber security threats the sector faces.

Above: To view the Cyber Threat to the Legal Sector report, click here .

The National Cyber Security Centre – which is part of GCHQ – has published its latest Cyber Threat to the Legal Sector report to highlight the potential threats to legal firms, from ransomware attacks by criminals to intellectual property theft by state actors.

Advertisement
Teledyne

The report, which updates a previous iteration from 2018, looks to help UK law practices of all sizes and types of law be more resilient to the main methods of attack.

It warns how the widespread adoption of hybrid working, accelerated during the COVID-19 pandemic, has increased the risks online and how sensitive information and the sums of money firms often handle can make them particularly attractive targets to attackers.

The report also contains case studies which emphasise the severe impacts that incidents can have; for example, conveyancing firm Simplify Group was left unable to process house moves for weeks after an attack, which is reported to have cost the company £6.8 million.

Another firm, Tuckers Solicitors LLP, had data relating to 60 court cases stolen and leaked on the dark web after it fell victim to a ransomware attack.

NCSC CEO Lindy Cameron said: “The UK legal sector carries out essential work to uphold our society; however, we know the sensitive data legal firms handle can make them attractive targets to online attackers.

“With the cyber landscape constantly evolving, the NCSC has produced an up-to-date picture of the latest threats facing the sector, alongside advice and guidance designed to ensure the sector can stay secure.

“I urge all legal practices to follow the guidance in this report and take full advantage of the NCSC’s tools that it recommends to help increase their cyber resilience.”

The report has been produced with input from a range of industry experts and stakeholders, including the Law Society, the Bar Council, the Solicitors Regulation Authority, Action Fraud, National Crime Agency and the NCSC’s Industry 100 partners.

The Bar Council CEO Malcom Cree said: "This new report is both welcome and important. It provides extensive advice, information, and assistance to equip the legal sector with a better understanding of the challenges we all face. The report enables us all to reflect on the many challenges and focus on building better cyber security resilience in the legal sector.”

The Law Society President Lubna Shuja said: “It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber threats they face and take steps to safeguard their systems. This new report from NCSC is a timely intervention that will be an essential resource for our members, providing information, practical guidance, and tools to help the legal sector protect the sensitive data it holds against cyber attack.”

The NCSC has a range of guidance and tools that organisations can access to improve their cyber security resilience, including the NCSC’s Active Cyber Defence (ACD) programme or the Cyber Essentials programme to secure a baseline of cyber security protections.

Advertisement
Gulfstream RT

Also, following a successful initial first year, smaller legal aid organisations can apply for free support with securing Cyber Essentials certification through the Funded Cyber Essentials Programme.

 

 

 

 


 

QinetiQ US achieves DoD

Security

QinetiQ US achieves DoD's CMMC Level 2 Cybersecurity Certification

16 July 2025

Advanced certification has positioned QinetiQ US among early achievers in a select group of companies meeting the US Department of Defense's enhanced cybersecurity standards, having earned Level 2 certification under the DoD Cybersecurity Maturity Model Certification (CMMC) programme with zero findings.

SkyShark takes flight

Defence Security

SkyShark takes flight

16 July 2025

MGI Engineering, a company forged in the fast-paced world of Formula 1, has officially unveiled SkyShark, a next-generation military drone platform designed to transform battlefield operations with speed, precision and UK-built sovereignty.

Chief Superintendent Fiona Gaffney joins NPAS as COO

Security

Chief Superintendent Fiona Gaffney joins NPAS as COO

15 July 2025

The National Police Air Service (NPAS) has welcomed Chief Superintendent Fiona Gaffney as its new Chief Operating Officer (COO), following the retirement of Chief Superintendent Vicki White after 30 years of service to policing.

Lane Electronics to showcase connectivity solutions at DSEI 2025

Defence Security Events

Lane Electronics to showcase connectivity solutions at DSEI 2025

15 July 2025

Franchised distributor of electrical, electronic and optical connectors, Lane Electronics, will be exhibiting at DSEI 2025 (9th–12th September 2025, Excel London) will have the opportunity to explore the company’s latest connector technologies and its UK-based assembly and services.

Advertisement
DSEI 2025
UK and France agree scheme to address illegal Channel crossings

Security

UK and France agree scheme to address illegal Channel crossings

11 July 2025

The Prime Minister Keir Starmer and French President Emmanuel Macron, have agreed a scheme to address illegal Channel crossings and dismantle the people smuggling networks.

IFS appoints Kriti Sharma as CEO of Nexus Black

Aerospace Security

IFS appoints Kriti Sharma as CEO of Nexus Black

11 July 2025

IFS has appointed Kriti Sharma as CEO of IFS Nexus Black. This strategic move reinforces IFS’s commitment to industrial AI and fast-tracks the development of agentic AI systems designed for the asset- and service-intensive industries it serves.

Advertisement
Gulfstream RT