This website uses cookies

We use cookies to improve your experience on our website. If you continue without changing your settings, we'll assume that you are happy to accept all cookies on the CLC website. You can change your settings at any time.


Businesses of all sizes now suffer cyber incidents. Law firms are no different. It is a matter of when, not if.

Firms need to understand just how dangerous and disruptive an attack can be - it's not just the incident itself but the recovery from it that has the potential to heavily disrupt client work and suck up huge amounts of management time, money and energy.

For these purposes, we expect that firms are keeping on top of their IT security. Your IT department/supplier should be continually monitoring the range of data protection options and counter-measures available.

The risk and impact of a cyber incident can be effectively reduced by segmenting, rather than separating, systems. You should deploy an

endpoint detection response tool to spot an incident, which will quarantine any device which has this problem detected.

You need to keep on top of awareness among staff and clients and test regularly to see if your systems can be penetrated in different ways.

Preparing for an incident

We have identified five issues to consider in preparing for an incident:

  • Ensure you have an internal incident response team with representatives from at least operations, IT and communications. Rehearse and simulate to test readiness in a live environment, map your digital

processes and maintain a separate list of customers so you can contact them if core systems are down.

  • Select specialist vendors of key services ahead of time: legal, IT forensic and public relations (it may be your cyber-insurer has a roster of these).

  • Have appropriate cyber-insurance, business interruption and response cover.

  • Carry out a mapping exercise to understand your regulatory obligations.

  • Are you prepared to pay a ransom? If so, in what circumstances and are there any barriers to doing so?