Cost to your firm, or cost you your firm? The real cost of cyber crime

By Ashley Sorensen, Head of Channel Partnerships, Xyone Cyber Security

Recent statistical increases in law sector cyber crime make for disturbing reading, and as is the case with any criminal activity, the more sophisticated an attack, the greater the sophistication required to prevent it.

Whereas common sense alone has often been a driving force behind many law firms minimising their exposure to cyber security breaches, for those that have continued to ponder what to do and where to go, the pressure to act is mounting.

The ever increasing number of claims for cyber crime is compelling PI insurance underwriters to act. Some are refusing to include cover against it, but as with any business sector, the insurance industry includes companies offering pioneering solutions to this mounting issue. The result is a new emergence of insurance companies willing to offer such protection, provided recognised measures and standards have been attained.

Such accredited standards are readily available, and include Cyber Essentials, Cyber Essentials Plus, Lexcel, as well as the British Standard in Information Security, ISO27001.

Firms should be encouraged to achieve such accreditations not only for insurance purposes in the future; they should also want to demonstrate a commitment to Information Security as a high priority, as doing so earns respect from their client base whilst also enabling competitive advantage.

Fundamentally, law firms have a responsibility to close gaps that allow criminals to prosper. As most cyber crime activity in the law sector attacks client assets directly, the aftermath of a destroyed reputation is often the beginning of the end of a firm, if not the end itself.

So how does a firm begin to deal with the threat of cyber crime? What are the signs to look for? Has a firm already been hacked without being aware of it? Is it mitigating its threat with vulnerability scanning or penetration testing? What is the difference? What are all the internal and external threats? What current and likely future procedures will a firm have to have in place to satisfy the SRA, insurers, Lexcel, and the imminent arrival of the European Commission's General Data Protection Regulation?

Last year, Xyone Cyber Security launched its 'Threat & Standards Awareness Training' sessions. Over 100 law firms took advantage of this training module, which was attended by Partners, Board Members, Heads of Risk & Compliance, and Heads of IT throughout the UK.

In collaboration with this publication, these sessions have been extended on a zero expense basis. By completing this training module, attendees will fully understand the three strategies necessary to prevent cyber-attacks, namely mitigating:

  • External Risk
  • Internal Risk
  • Breaches with Compliant Structures

Confidentiality has been vital to our success, and with a reputation gained from references supplied by working alongside many of the most respected law firms in the UK, Xyone Cyber Security is at the forefront for all your Information Security requirements. Book your 'Threat & Standards Awareness Training - Prevention Over Cure' by calling 03333 233981.



© 2021 Wesleyan Assurance Society