In-house legal departments are far more likely to fall victim to a phishing attack than most of their colleagues, according to a latest study on data breaches.
Communications and technology company Verizon’s 2015 Data Breach Investigations Report shows that departments such as legal, communications and customer service were ‘far more likely’ to open a phishing email than all other departments.
The report acknowledged opening emails was a ‘central, often mandatory component’ of their jobs. But it said there was no ‘statistical difference’ in terms of how many people in each department actually clicked a link.
The report analysed data from more than 60 countries, including the UK.
Law Society technology policy adviser Tim Hill said it was not clear whether the report’s findings were true of UK legal departments, ‘or indeed elsewhere in the EU, where currently rigorous data protection obligations are set to be strengthened in the new general data protection regulation and cybersecurity is likely to be high on in-house counsels' agenda’.
In-house departments are understood to be attractive targets for cyberattacks due to the sensitive information they hold.
A government-commissioned survey by professional services firm PricewaterhouseCoopers this year showed that 69% of large organisations suffered from an external attack, up from 55% in 2014. More than two-thirds of small businesses experienced a similar attack, compared with 33% the previous year.
However, the PwC report showed a significant increase in the number of organisations who provided ongoing staff security-awareness training – 72% of large organisations and 63% of small businesses this year compared with 58% and 54% respectively in 2013.
The Verizon study indicated ‘some’ hope in its findings, reporting that three-quarters of emails were not opened or ‘interacted’ with.