27 January 2025
Cybercrime is expected to cost £8.5 trillion globally by 2025, highlighting the scale and sophistication of the cyber ecosystem.
With the legal sector reportedly accounting for over 24% of global cyber-attacks, RSM UK’s Andrew Baker and Stuart Leach discuss how firms can protect themselves from the ever-evolving cybercriminal.
Andrew Baker, partner and professional services specialist at leading audit, tax and consulting firm RSM UK, said: “The legal sector is an attractive target for cyber-attacks. The disproportionate amount of confidential sensitive data held, large cash balances and high value transactions within the client accounts, together with frequent use of third-party service providers and high-pressure interactions with the public, create a perfect storm for cyber threats. Over 90% of cyber-attacks involve an element of human error such as phishing, business email compromise and impersonation, so regardless of control environments and IT infrastructure, businesses are on the edge all the time.
“Although law firms’ operating models make them a prime target for cyber criminals, that isn’t to say they are equipped with the infrastructure and financial security to navigate a cyber-attack. They disproportionately process and hold large amounts of cash for clients, amplifying the impact of a cyber breach. Unfortunately, organisations can also fall foul of believing their cyber insurance will cover any loss through fraud; however, this is not always the case and can be overlooked as a business-critical issue.
“Even with valid insurance in place, if money is stolen from a client’s account during a cyber-attack, the law firm is obligated to replace that money immediately, often months before an insurance payout is received. Regardless of whether valid insurance is ultimately in place, the delay, or worst-case scenario no recourse, creates a real risk of financial distress for the firm.”
Stuart Leach, technology and cyber risk assurance partner at RSM UK, added: “Cybercrime is a severe global issue and as history tells us, will continue to grow, with the legal sector taking a significant share of cyber-attacks. The cyber landscape continues to evolve at pace and with organisations adopting and becoming more operationally dependent on AI, the cyber threat landscape will become even broader with specific attacks against AI likely to become more commonplace.
“To defend against this, we are seeing organisations adopting AI to enhance governance and control environment and cyber security technology providers embed AI capability. However, cybercriminals remain one step ahead by using AI to boost sophistication of common cyber-attacks as well as the rise of deepfakes becoming more common. We have seen a few organisations fall foul of these types of attacks resulting in payment fraud with some organisations losing millions in the process.
“When considering direct cyber-attacks against AI, data governance and control will be key to managing these new risks across AI algorithms, models and technologies. However, organisations also need to prioritise building resilience to cyber-attacks which requires an understanding of where data is, has been and will be. This will help to understand the threat landscape, manage third-party risks, and foster a strong cyber culture to form a tailored cyber response plan. However, it’s crucial that businesses ensure their plan is kept under constant review, to keep up with the pace of cybercrime.”



