Solicitors Regulation Authority reveals solicitor cyber thefts are rocketing, triggering fresh advice to insurers about their proposal forms


Solicitor cyber thefts are rocketing, triggering fresh advice to insurers about cyber security questions they should have on their proposal forms for solicitors’ insurance. 

The Solicitors Regulation Authority (SRA) has revealed it is getting notice of 40 confidentiality breaches a month.

Money stolen by scammers has tripled to £3.2m in the first quarter of this year compared to the same time last year, says the SRA.

For the total year, from April 2016 to March 2017, the SRA says £11m was taken from its regulated firms by cyber tricksters. 

Around three-quarters of thefts involve some form of email hacking fraud, where criminals modify emails and alter bank details so funds go to the criminal.

SRA boss Paul Philip, speaking as the organisation released its risk outlook report for 2017/2018, said: “The threat of criminals using IT to steal client’s funds is an increasing problem. It is important that law firms develop a culture where cyber security is treated as a serious priority, and take sensible steps to warn their clients about the risks.”

Law firm DWF has responded to rising cyber crime figures by advising that insurers make sure they have a robust proposal form dealing with cyber security when indemnifying law firms.

DWF said: “Given the potential exposure to cyber theft from client accounts, insurers should enquire about solicitors’ cyber security on their proposal forms. For example, insurers should obtain details of:

  • The nature and volume of all client account transactions (including details of how are electronic/paper)
  • How the firm’s financial records are stored and protected
  • The security protocols or processes to protect the client account from a cyber threat
  • Any previous cyber breaches in the firm
  • The firm’s computer network and data security (and what elements are outsourced)
  • Steps taken to protect data and computer devices, servers and networks
  • Steps taken to monitor, detect and potentially prevent unauthorised access.”

Solicitors aren’t the only profession being ravaged by cyber crime. Earlier this month, Insurance Times reported that farmers are in need of cyber insurance as hacks surged. 

CASE STUDIES (Released by SRA in their risk outlook report)

Email breaching client confidentiality

A paralegal was banned from working for law firms after breaching client confidentiality. They sent two emails to a former colleague, now working at another law firm, attaching documents relating to two clients. The other law firm was not involved in either of their matters. In banning him from further work in law firms without our permission, we found that he had sent the emails when it “was not required for the proper and effective representation of his clients.”

Identity fraud against staff after phishing scam

A large law firm’s HR department received an email from a senior executive asking for staff payroll information. It responded with the details the executive asked for, which included names and financial information. A short time later, some employees of the firm began reporting that they had been victims of identity fraud. The firm looked into this and found that a large proportion of their staff had been targeted. The firm investigated, and learned about the email to the HR department. This had not been from the executive named, and had in fact been a “CEO fraud” phishing scam.

