Data breaches in UK legal sector up over a third
Analysis by NetDocuments of information collected by the UK Information Commissioner's Office (ICO) reveals a sharp increase in data breaches across the UK legal sector.
The report shows that in the period between Q3 2023 and Q2 2024, the number of identified data breaches in the UK legal sector rose by 39 percent (2,284 cases were reported to the ICO, compared to 1,633 the previous year).
In total, data relating to 7.9 million people was compromised, amounting to 12 percent of the UK population. External breaches jumped from 40 percent to 50 percent of the total number of incidents in the past 12 months, with phishing attacks (56 percent of external attacks) being the most common threat to legal firms.
"Legal data breaches impact more than one ten people in the UK, so it is imperative that firms continue to shore up their internal and external defences," says David Hansen, VP, compliance at NetDocuments. "At a time when the sector is continuing to digitalize, legal firms need to strike the right balance between keeping data secure, while still allowing their employees to collaborate and work productively."
Insider breaches still account for half of all reported data incidents and more than a third (39 percent) of internal breaches were deemed to be the result of human error. 37 percent of all data breaches occurred from sharing data with the wrong person (for example via email, post or verbally). 12 percent of all data breaches occurred from losing data (such as loss/theft of device containing personal data, or of paperwork or data left in an insecure location).
Almost half of all internal and external cases (44 percent) impacted customers, while 18 percent impacted employees. Beyond basic personal information (42 percent), the most common types of data breached were economic and financial data (13 percent), health data (10 percent), and official documents (10 percent).
"This new analysis firmly underlines that the legal sector can't ignore data protection. Firms handle sensitive documents every hour of every day, so maintaining security when introducing new technologies must remain the highest priority," Hansen adds. "Given the uptick in AI adoption, guardrails that mitigate against human error are also imperative. AI has the power to drive productivity and efficiency in the legal sector, but it must not compromise data security."
You can find out more on the NetDocuments site.
Image credit: AndreyPopov/depositphotos.com