Two thirds of data breaches at UK legal firms caused by insiders: what the ICO stats show

New statistics published this week by NetDocuments make for a sobering read, with over two thirds of data breaches at UK legal firms caused by insiders, according to analysis of the latest data from the Information Commissioner’s Office (ICO).

From Q3 2021, 68% of identified data breaches in the UK legal sector (those where the origin could be identified) were caused by insiders, as opposed to 32% caused by outside threats, such as external malicious actors.

The breakdown is even more interesting:

  • 52% of data breaches in the legal sector occurred from sharing data with the wrong person (i.e., via email, post or verbally);
  • 25% of data breaches in the legal sector occurred from phishing attacks;
  • 10% of data breaches occurred from losing data (i.e., loss/theft of a device containing personal data, or of paperwork or data left in an insecure location).

It is not specified what the remaining 13% are caused by.

“Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches,” comments Andy Baldin, VP of international business at NetDocuments. “The shift to remote working and the advent of the ‘Great Exfiltration’ has only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same time ensuring their staff remain productive.”

NetDocuments recently held a webinar on firms keeping secure amidst the Great Resignation. A link to the recording can be found here.
