Cyber-Security: 3 Key Legal Regulatory & Professional Discipline Trends for 2022 – Part 3

Irina Baranova

In this series of news alerts, our regulatory and professional discipline partner, Andrew Pavlovic, identifies three key regulatory trends of which firms and solicitors need to be aware in 2022. In this third alert, Andrew Pavlovic considers the steps law firms can take to better protect themselves from the rising risk of cyber-security issues and the regulatory implications of cyber-crime on firms, including the obligations firms have to report cyber-security breaches.

Cyber risk has been an issue for law firms for many years. However, the changes in working environments brought about by the Covid-19 pandemic have been particularly helpful to cyber-criminals, with increased homeworking and remote authorisation processes resulting in increased opportunities for fraudsters. Many firms have had to invest significantly in their IT infrastructure in order to ensure that their systems are sufficiently robust to resist attack.

Ransomware has emerged as a growing threat in the last year, with the UK National Cyber Security Centre reporting that there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. Ransomware is typically deployed through phishing attacks – where employees/members are tricked into providing details or clicking a link that downloads the ransomware software onto a computer.

Law firms are particularly vulnerable to ransomware due to the large amount of confidential and privileged information that they hold. Any release of that information has the potential to result in large fines and regulatory action from both the Information Commissioner and the SRA. Where attacks occur, the SRA will require evidence that sufficient training has been provided to staff and that its IT systems are adequate.

In the summer of 2021, two high-profile and highly regarded Chambers were subject to ransomware attacks, resulting in the Bar Council issuing a cyber-attack warning for Chambers, and advising that Chambers should investigate obtaining insurance for cyber-attacks or business interruption if they had not already done so.

More recently, the Simplify Conveyancing Group was hit by a cyber-attack, significantly compromising its IT systems, and leading to complaints of delays on transactions from clients. Their regulator (the Council for Licenced Conveyancers) publicly stated that the Group needed to improve its communications with clients and lenders. The attack has been raised in parliament with some MPs calling for an inquiry and compensation for clients whose transactions have been delayed.

It is clear that cyber attacks will represent an increased risk in 2022, and that there are potential regulatory implications for firms that fall victim to such attacks.

Next Post

Mayor Keller and City Leaders Discuss Results of Legislative Session; Change Must Continue at Every Level of Criminal Justice System

February 18, 2022 Today, Mayor Keller, public safety leaders, and advocates affected by violence assessed the results of the 2022 legislative session. The press briefing can be viewed here. Throughout the 30-day session, the City and its partners pursued an agenda guided by priorities identified during Mayor Keller’s Metro Crime […]
Mayor Keller and City Leaders Discuss Results of Legislative Session; Change Must Continue at Every Level of Criminal Justice System