Law firms have been warned to take stock of their cyber-security policies as an official report finds the scale and cost of breaches has almost doubled in the past year.
The 2014 Information Security Breaches report, from the department of Business, Innovation and Skills in conjunction with accountancy firm PwC, reveals that although the overall number of breaches fell slightly in 2013, the severity of breaches has risen ‘significantly’.
The report cited a large legal firm in the West Midlands which suffered a £20,000 theft by a staff member who took advantage of poorly designed security processes. ‘In addition to the monetary loss, it also took a large number of hours to detect and rectify the issue,’ it said.
Timothy Hill, technology policy adviser at the Law Society, said the report raises serious issues for solicitors. ‘This is something solicitors and other professional groups ought to take more seriously than other groups, given the highly confidential nature of their information.’
He said solicitors must collaborate with other professional groups. ‘We are exploring what further support we can give solicitors.’
According to the report 81% of large organisations suffered a security breach in 2013-14, down from 86% a year ago. Around 60% of small businesses reported a breach, down from 64% in 2012-13.
However the average cost of an organisation’s worst breach rose significantly for the third consecutive year. For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15m, it said.
The government’s Cyber Security Information Sharing Partnership is calling on firms to join its free membership service, which provides access to the latest advice on tackling cyber-security threats.