"68% of Legal Sector Data Breaches Caused by Insider Threats"

According to figures from the Information Commissioner's Office (ICO), more than two-thirds (68%) of data breaches at UK law firms are caused by insiders.  ICO Data focused on Q3 2021 was analyzed by researchers from NetDocuments.  The researchers found that just 32% of breaches in this sector were caused by outside threats, such as external malicious actors.  The researchers stated that the dominance of insider breaches during this period is believed to be linked to the "great resignation," whereby workers are changing jobs at an unprecedented rate amid the COVID-19 pandemic.  In industries like law, there is the danger of staff taking company data with them as they leave their roles.  The researchers also found that over half (54%) of data breaches in the legal sector were due to human error in this period.  This included documents being emailed or posted to the wrong recipient, failure to redact or use bcc on correspondence, and hardware misconfiguration.  Linked to this, 52% of breaches occurred from sharing data with the wrong person via email, post, or verbally.   The researchers noted that one in 10 (10%) incidents were attributed to data loss, such as loss/theft of devices containing personal data or of paperwork left in an insecure location.  The researchers stated that it is clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed and what users can do with them while at the same ensuring their staff remain productive.

Information Security reports: "68% of Legal Sector Data Breaches Caused by Insider Threats"