More than half of data breaches at UK legal firms were caused by insiders

January 11, 2024
London, United Kingdom
ndMAX introduces AI-powered solutions that address a range of legal workflows
securely inside NetDocuments, helping legal professionals responsibly adopt generative AI technology.
PatternBuilder MAX, the first product in the ndMAX AI suite, is in full production with select customers and will be widely available in Q3 2023.

Thursday, 11 January 2024, London, UK: Insider data breaches continue to pose a serious threat to the UK legal sector, according to NetDocuments. Based on analysis of the latest data from the Information Commissioner’s Office (ICO) covering Q3 2022 – Q2 2023, more than half (60 per cent) of identified data breaches in the UK legal sector were caused by insiders. By comparison, 40 per cent of data breaches came from outside threats, such as external malicious actors.


The findings show that, combined, data from legal firms relating to 4.2 million people was compromised – amounting to 6% of the UK population[1]. Almost half of the cases (49 per cent) impacted customers, and 13 per cent impacted employees. Basic personal information (49 per cent), economic and financial data(13 per cent), health data (10 per cent), and official documents (10 per cent)were the main types of data breached in the legal sector.


“Law firms and legal institutions handle vast amounts of sensitive and confidential information, which puts them at increased risk of cyber-attacks,” commented David Hansen, VP, Compliance at NetDocuments. “But it’s not just external threats like ransomware that law firms need to watch out for. Law firms must be vigilant to insider data breaches – whether intentional or accidental. This requires robust cyber security measures to govern access to documents, without hampering staff productivity.”


The analysis of the ICO data highlights the common causes of data breaches in the legal sector:

-         37 per cent occurred from sharing data with the wrong person (i.e., via email, post or verbally).

-         27 per cent occurred from phishing and ransomware attacks.

-         12 per cent occurred from losing data (i.e., loss/theft of a device containing personal data, or of paperwork or data left in insecure location).

-         39 per cent occurred from human error (i.e., verbal disclosure; failure to redactor use bcc; alteration of data; hardware misconfiguration; documents emailed or posted to the wrong recipient).


The findings underline the need for law firms to prioritise addressing threats from within, ensuring that only people with authorisation have access to certain documents and files.


“For law firms, guarding against insider threats is not just a matter of protecting data; it's a commitment to safeguarding client and employee confidentiality,” David Hansen continued. “Data Loss Prevention must be an essential part of cybersecurity strategies. Taking this proactive approach can help law firms fortify their defences and prevent exfiltration and the unauthorised or inappropriate use of data.”

[1]Based on ONS population data Overview of the UK population - Office for National Statistics (

# # #

About NetDocuments
NetDocuments is a leading cloud-based content management and productivity platform that helps legal professionals do their best work. Backed by over 25 years of experience in cloud innovation, NetDocuments offers a complete end-to-end platform for document and email organization and management, including award-winning automation and research capabilities; robust security, collaboration, and search technologies; seamless integrations with other tools professionals use daily; and a suite of large language model AI-powered solutions with the security and guardrails to manage responsibly. NetDocuments supports over 7,000+ law firms, corporate legal departments, and public sector entities globally. Learn more about NetDocuments.

©2024 NetDocuments Software, Inc. All rights reserved.

Media contact

Spark Communications
+44 (0) 20 7436 0420