Skip to main content

The impact of the pandemic on data breaches reported by the Legal Sector

Global FINEX - Professional Indemnity Insurance

Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)

By Joanne Cracknell | November 16, 2021

Statistics show an increase in cyber attacks during the pandemic. Businesses should ensure that everyone is reminded of the legislative obligations for client confidentiality.


The last 18 months saw law firms quickly adapting their IT infrastructures in response to the coronavirus (COVID-19). The Government imposed lockdown restrictions expedited any IT investment programmes to ensure businesses could support their entire workforce and their clients. With many of these changes expected to remain post pandemic and it is envisaged that the use of artificial intelligence (AI) and emerging technologies are increasingly being used by all businesses, not just the legal sector1 it is inevitable that the security of data will be vulnerable to the threats from cybercriminals but also as a result of human error.

With the increase in reliance on IT and data breaches occurring frequently2 the need to protect businesses, their staff and their clients from data breaches becomes of paramount importance. The latest report published by IBM suggests that during the pandemic the cost of a data breach hit recordlevels3. This article will examine the data breaches reported by the legal sector to the Information Commissioner’s Office (ICO) during the pandemic.

Law firms handle financial transactions daily often involving large amounts of money and containing valuable sensitive client information and must satisfy both regulatory and legislative obligations in order to protect client monies, and to keep client affairs confidential4. They must report certain personal data breaches to the ICO within 72 hours of becoming aware of such breaches where feasible. The ICO publishes quarterly reports on data breaches that have been reported to them and this includes specific reports from the legal sector.

Now is a good time to ensure that everyone is reminded of their regulatory and legislative obligations around keeping client affairs confidential and provide everyone with regular and tailored training including senior management as this will reinforce the message about the seriousness of data breaches and businesses ability to react accordingly in the event of such incidents arising.

To continue reading please download the report for the full insight below.


1 The Law Society. (2021). Future Worlds 2050: images of the future worlds facing the legal profession 2020-2030. Retrieved from: camp=5C0FE0D28B474F6BA2EE374CB3EE601B

2 National Cyber Security Centre. (2021). Introducing data breach guidance for individuals and families. Retrieved from: blog-post/introducing-data-breach-guidance-for-individuals-and-families and Department for Digital, Culture, Media & Sport (2021). Cyber Security Breaches Survey 2021. Retrieved from the Gov.UK’s website: attachment_data/file/972399/Cyber_Security_Breaches_Survey_2021_Statistical_Release.pdf

3 IBM. (2021). How much does a data breach cost?. Retrieved from:

4 Paragraphs 4.2 and 6.3 of the SRA Code of Conduct for Solicitors. Retrieved from: and paragraphs 5.2 and 6.3 of the SRA Code of Conduct for Firms. Retrieved from


Associate Director - Finex PI UK Legal Services

Contact Us