Dozens of law firms were investigated by the information commissioner for potential data breaches in 2014, new figures have revealed.
A freedom of information request by Egress Software Technologies revealed that the Information Commissioner’s Office investigated 173 UK firms for a variety of incidents that may have breached the Data Protection Act.
A total of 187 incidents were recorded – 29% related to security and 26% related to incorrect disclosure of data. It is not known how many of the investigations led to prosecutions.
Egress chief executive Tony Pepper said: 'If you speak to any partner in a law firm, no one would argue the need for information security. So it does not add up why firms are not protecting that client information and taking daily risks.
‘It is only a matter of time before a high-profile firm is fined and the reputational damage that will bring to that firm as clients start to look elsewhere.’
The Bank of England’s former head of security has told the Gazette he believes it is inevitable a major cyber breach will occur in the legal profession.
Don Randall MBE, who has joined City firm Bivonas Law as a senior consultant, said law firms were unaware of their susceptibility.
Randall, also the Bank of England’s former chief information security officer, said: ‘Lawyers hold an immense amount of sensitive and valuable data. What used to be held in secure filing cabinets is now held in online case management systems.
‘When you consider that organisations such as government agencies and even the Pentagon are hacked, it is only a question of time before a major breach occurs in the legal profession.’
Timothy Hill, technology policy adviser at the Law Society, said firms needed to start taking cyber threats seriously. Failure to do so, he said, could not only result in direct financial loss but also reputational damage.