More than two-thirds (68%) of data breaches at UK law firms are caused by insiders, according to official figures from the Information Commissioner’s Office (ICO).
ICO data for Q3 2021 was analyzed by NetDocuments. It found that just 32% of breaches in this sector were caused by outside threats, such as external malicious actors.
The dominance of insider breaches during this period is believed to be linked to the ‘great resignation,’ whereby workers are changing jobs at an unprecedented rate amid the COVID-19 pandemic. In industries like law, there is the danger of staff taking company data with them as they leave their roles.
Over half (54%) of data breaches in the legal sector were due to human error in this period. This included documents being emailed or posted to the wrong recipient, failure to redact or use BCC on correspondence, and hardware misconfiguration. Linked to this, 52% of breaches occurred from sharing data with the wrong person via email, post or verbally.
One in 10 (10%) incidents were attributed to data loss, such as loss/theft of devices containing personal data or of paperwork left in an insecure location. Finally, a quarter (25%) were caused by phishing attacks.
Commenting on the figures, Andy Baldin, VP of international business at NetDocuments, stated: “Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches.
“The shift to remote working and the advent of the ‘great exfiltration’ has only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same time ensuring their staff remain productive.”
Earlier this year, a study by Proofpoint found that the volume of insider threats grew by 44% in 2021, driven by the shift to home working during COVID-19.