More than two thirds of data breaches at UK legal firms were caused by insiders warns NetDocuments

May 24, 2022
London, UK
ndMAX introduces AI-powered solutions that address a range of legal workflows
securely inside NetDocuments, helping legal professionals responsibly adopt generative AI technology.
PatternBuilder MAX, the first product in the ndMAX AI suite, is in full production with select customers and will be widely available in Q3 2023.

Data breaches caused by insiders remains a threat to the UK legal sector warns NetDocuments, the leading secure cloud-based content services platform for law firms, corporate legal teams, and compliance departments. Based on analysis of data from the Information Commissioner’s Office (ICO) from Q3 2021, 68 percent of identified data breaches in the UK legal sector (i.e., those where the origin could be identified) were caused by insiders, as opposed to only 32 percent caused by outside threats, such as external malicious actors.

At a time when the Great Resignation has created the “Great Exfiltration” whereby employees are leaving their jobs and taking their company’s data with them, the findings highlight the need for law firms to prioritise addressing threats from within and invest in the latest data security and governance controls.

“Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches,” comments Andy Baldin, VP of International Business at NetDocuments. “The shift to remote working and the advent of the ‘Great Exfiltration’ has only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same ensuring their staff remain productive.”

The analysis of the ICO data highlights the common causes of data breaches in the legal sector:

  • 52 percent of data breaches in the legal sector occurred from sharing data with the wrong person (i.e., via email, post or verbally)
  • 25 percent of data breaches in the legal sector occurred from phishing attacks
  • 10 percent of data breaches occurred from losing data (i.e., loss/theft of device containing personal data, or of paperwork or data left in insecure location)
  • 54 percent occurred from human error (i.e., verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; documents emailed or posted to wrong recipient)

"Whether malicious or through careless actions, data breaches can cause huge financial and reputational damage,” continues Baldin. “Law firms should look to prioritise Data Loss Prevention as part of their overall cybersecurity strategies. This will ensure that they have an extra line of defence when it comes to preventing exfiltration and the unauthorised or inappropriate use of data."

NetDocuments recently held a webinar on firms keeping secure amidst the Great Resignation. A link to the recording can be found here.

# # #

About NetDocuments

NetDocuments is the world’s #1 trusted cloud-based content management and productivity platform that helps legal professionals do their best work. Backed by over 20 years of experience in cloud innovation, NetDocuments supports over 4,000 law firms, corporate legal departments, and public sector entities with solutions that drive better user experiences and business outcomes. NetDocuments offers a complete end-to-end platform for document and email organization and management, including award-winning security and research capabilities, robust collaboration and search technologies, seamless integrations with other tools professionals use daily, and much more. Learn more about NetDocuments.


Media contact

Sparks Communications

Envision Agency

+44 (0) 20 7436 0420

# # #