Cybersecurity remains a critical focus for the legal sector as it seeks to protect sensitive client data and maintain professional integrity.
- The Law Society and Bar Council launched a Cybersecurity Working Group following significant cyberattacks in 2021.
- The group developed a comprehensive Information Security Questionnaire to evaluate and enhance security measures.
- A second version of the questionnaire was released with additional security topics, alongside a new voluntary Cyber and Information Security Affirmation.
- These initiatives aim to fortify baseline security controls, ensuring trust through robust protection of shared information.
Cybersecurity remains a primary concern for the legal sector as it endeavours to safeguard sensitive client information and uphold its professional reputation. In response to notable cyberattacks on barristers and their chambers in 2021, the Law Society and the Bar Council established a Cybersecurity Working Group. This initiative, comprising representatives from solicitors, barristers, and information security experts, aims to proactively tackle these cybersecurity challenges.
A significant outcome was the creation of the Information Security Questionnaire, introduced in 2022, which comprises 24 questions addressing essential security areas. The questionnaire serves dual purposes: to aid chambers in implementing appropriate base controls and to amplify awareness regarding the critical need for robust security measures. Widely adopted across the legal market, it has played a pivotal role in reducing cyberattacks on barristers and their chambers.
However, as cyber threats continue to evolve, so must the legal sector’s defences. In May, the Cybersecurity Working Group released an updated version of the questionnaire, incorporating new security topics to keep pace with changing threats. For the first time, the group also introduced a voluntary Cyber and Information Security Affirmation. This document can be attached or appended from a case management system to instructions to barristers, acting as a reminder to protect shared data effectively.
The introduction of the questionnaire and affirmation aims to establish a strong baseline for understanding and applying security controls to protect shared information. Although these tools cannot eliminate all risks, they are instrumental in maintaining client trust by ensuring the protection of their information and the delivery of high-quality legal services.
Through proactive measures such as security questionnaires and affirmations, the legal sector is actively fortifying its cybersecurity framework to protect client data.
