The UK Cyber Threat Report – “If you only read one cyber report this year, read this one”

Andrew Powell, CIO of Macfarlanes

The National Cyber Security Centre (NCSC) released a Cyber Threat Report on Thursday 22 June, focused on the UK Legal Sector. At the launch event at NCSC’s London offices on Thursday, CEO Lindy Cameron took the opportunity to highlight the range of threats faced by the UK legal sector, from criminals seeking financial gain through ransomware, to nation states looking for the upper hand through theft of IP. The report looks to help UK law practices of all sizes to be more resilient to the main methods of attack.

Much has changed in the world since the report was last published in 2018, though many of the cyber risks identified in the report are depressingly familiar. The 2023 version benefits from input from the NCSC (including its i100 industry programme that includes CISO’s co-opted from several law firms), Action Fraud, the NCA, and also what NCSC refers to as its amplification partners: the Bar Council, Law Society and SRA. The report pulls together research, information and guidance from numerous sources and is an excellent resource for raising awareness of the specific cyber risks facing law firms, and what to do about them. Essential reading for every law firm’s (and chambers) executive team and IT professionals. If you only read one cyber related report this year, read this one.

Andrew Powell is CIO at Macfarlanes, responsible for setting and implementing the firm’s IT and information security strategies. A member of the firm’s executive and a chartered fellow of the BCS, he was recently certified in cybersecurity from (ISC)².

If you have a report or information that you would like to share with the legal community please email