mobile phone and laptop

Fraud and Cybercrime vulnerabilities in the legal sector

Research into the risks impacting the top 200 law firms

Jim Gee, Partner,  National Head of Forensic Services
mobile phone and laptop

The cyber landscape is becoming increasingly complex and keeping pace with the evolution of cyber threats is becoming challenging for law firms. This was evident in this year's Law Firm Benchmarking results which found that nearly half of all participants rated fraud and cybercrime as a business critical risk to their firm.

The fraud and cybercrime vulnerabilities in the legal sector report has been developed by Crowe, KYND and University of Portsmouth’s Centre for Counter Fraud Studies. It reveals that the vast majority of the top 200 law firms have significant unaddressed cyber risks setting a concerning precedent for all UK law firms and highlights the need for firms to take action to protect against cyber-attacks.

Download the Fraud and cybercrime vulnerabilities in the legal sector report

Key findings

key finding nos one 

91% of firms analysed are exposed to having their website addresses spoofed.

 key finding 80.5% of firms were running at least one server which a well-known vulnerability.
 key findings 3 21% of firms were using out of date software putting them at a higher risk of attack.
 key finding 4 23% of firms had at least one expired security certificate.
  79% of firms had at least one domain registered to a personal email address.
Download our full report

What actions should firms take?

If you are concerned the findings of this research relate to your firm, Crowe can provide the independent verification necessary to ensure your firm is protected.

We can help you to:

  • obtain comprehensive insight into your firm’s cyber risk exposure
  • address specific vulnerabilities in your externally facing IT infrastructure that could be exploited by hackers
  • identify whether any of your firm’s email addresses have been compromised
  • take actions to prevent exploitation of potential cyber risks.

Contact us

Jim Gee
Jim Gee
Consultant, Forensic Services