Law firms continue to be key targets for cybercrime and information security breaches. Lockton sets out some risk factors and some possible approaches

Risk management is an integral part of the service provided by Lockton, and as such, we work closely with the Law Society of Scotland and the profession to deliver a resource centre for a range of risk and compliance guidance.

Information security, cyber risk and fraud are a key focus of our risk management efforts this year, and we have just launched the first module of our e-learning on password security, which can be found on our website

All law firms remain vulnerable given the volume of personal and corporate sensitive and valuable information handled, and there are differing approaches to cyber security. Some firms have chosen to spend in building their IT defences and investing in the best security software to detect attacks and system vulnerabilities, while others have also chosen to effect specialist cyber insurance as their failsafe position.

A comprehensive specialist cyber policy should be structured to offer a suite of breach response services that are vital when a firm falls prey to a cyber incident. Recent claims activity determines that it is often first-party protection that is needed, i.e. immediate support to help manage a breach. The policies (see chart below) will commonly pay for the IT forensic investigation costs needed to determine what information has been compromised and look to remediate the problem. In addition, the support of a PR company will assist the firm in managing any adverse publicity that may occur.

Types of cyber attacks

Attacks may vary; however, social engineering theft of office account or client account funds is the most common type of cybercrime.

  • Some of the features that are looked for in assessing a law firm’s cyber risk are these:
  • volume of personal and corporate sensitive information;
  • encryption and auto wipe of all removable devices;
  • documented and tested disaster recovery or business continuity plan;
  • two-factor authentication access to the network;
  • robust cloud vendor management; cyber security awareness training;
  • penetration testing completed regularly; physical security;
  • board awareness of cyber and information security.

It is prudent for law firms to undertake a gap analysis, and we in the Lockton Master Policy practice management team can assist in providing practical advice on information and cyber security.

Siobhan Fogarty qualified at the Irish Bar and is now a client director in Lockton’s Master Policy team. She can be contacted at

Share this article
Add To Favorites