A fifth of UK law firms have been targeted by hackers in the last month, a report published today claims.
Other researchers have also found that no more than a quarter of UK law firms are prepared for beefed-up data protection rules that come into force next year.
Those combined factors suggest that many of the country’s medium-sized law firms are in danger of falling foul of the legislation, which would incur severe penalties. Parts of the EU’s forthcoming General Data Protection Regulation (GDPR), which comes into force on May 25 next year, involve maximum fines of €20 million or 4 per cent of annual turnover.
The survey of technology chiefs at 150 law firms with annual revenues of at least £10m showed that fewer than a third said their firms were compliant with cybersecurity legislation.
Steve Harrison, a director at Century Link, the technology company that commissioned the research, said: “Every time a law firm faces an attempted cybersecurity attack their infrastructure, data and customers’ data, as well as their reputation, is at risk of being compromised. That risk grows as companies have to offer more online services and flexible remote working options for staff in order to be competitive in today’s digital world.”
The City of London office of Bryan Cave, a US law firm, said that a survey of several hundred retail websites found that all failed to comply with the forthcoming EU rules. Lawyers tested 284 UK retail sites over September and October, measuring them against a range of GDPR compliance factors, including cookie banners and policies, online legal notices, terms and conditions, shipping, order cancellation and returns provisions, and consent mechanisms at the point of registering to use the websites.
All of the websites surveyed were found to be inadequate against one or all of those measurements.
“Customer data is at the core of a retailer's business and the incoming changes in data privacy laws will have significant ramifications for these businesses,” Carol Osborne, the firm’s managing partner in London, said. “The worst case scenario is that previously collected customer data will be unavailable for use after May 2018 without risking substantial fines.”