Legal Business

Law firms report record £3.2m cybercrime theft in first quarter but prosecutions have fallen

UK law firms have reported a record 45 cases of cyber thefts to the Solicitors Regulation Authority (SRA) in the first quarter of this year, with £3.2m stolen through conveyancing and inheritance matters as well as from law firms’ own accounts – mainly through email modification fraud.

The number of crimes reported more than doubled the 21 recorded over the same period in 2016.

This sum stolen is three times more than the £1m cybercriminals stole in the first quarter of last year. The criminals conducted the theft mainly contacted firms’ internal staff from hacked accounts pretending to be executive figures within the firm and requesting clients’ financial details or money.

Prosecutions for cybercrime in the UK, however, fell in 2016, due to under-resourced police struggling to cope with the increasingly complex and growing threat from cyber-criminals and criminals, according to a separate report published by RPC. It said that the UK only has around 250 specialist cybercrime police officers.

Many cyber criminals are based outside the UK, often located in Russia and the Baltic states, according to the report, which makes it harder to secure prosecutions, even if they could locate and identify them.

Only 57 prosecutions under the Computer Misuse Act 2015 were carried out last year, despite 1.9m crimes reported in the period.

The SRA report published on 25 July revealed that the majority of the money stolen belonged to clients, with accounts targeted for conveyance and inheritance funds in more than half the cases.

Criminals targeted firms’ own money in a smaller portion of reported cases, but law firms were only obliged to report crimes to the SRA if clients’ money is lost, leaving more actual instances of cybercrime unreported.

An SRA spokesperson told Legal Business that law firms of all sizes were exposed, although the prevalence of conveyance transactions indicated that smaller-sized firms were mainly targeted for client money.

The spokesperson added: ‘There does not appear to be a local pattern to this. That is perhaps unsurprising given that a large proportion of these crimes relate to conveyancing transactions,’ a service provided throughout the country.

The report is likely to add to concerns over cybersecurity within law firms, after a major cyber malware attack on firm DLA Piper on 27 June pushed security up the agenda of City law firms.

In July, Legal Business reported that Magic Circle firm Linklaters had advertised for its first chief cybersecurity officer role.

Marco.cillario@legalbusiness.co.uk