Are Law Firms More Vulnerable To Cyber Crime Than UK Retailers?

Over 80% of UK retailers have noticed a substantial increase in cyber crime in recent years. In 2018, £162 million was lost to cyber criminality within the retail sector alone, prompting a 17% increase in cyber security resources.

According to the 2019 Retail Crime Survey, carried out by the British Retail Consortium (BRC), 80% of respondents viewed phishing and email fraud to be a major concern to the retail industry.

As more transactions take place digitally and businesses hold increasing amounts of sensitive customer information online, 50% of respondents were anxious about the persistent attempts to steal data.

Between 40% and 50% of respondents were becoming more concerned by impersonation attempts, whaling and web-based attacks that could spoof business domains.

Whilst incorporating DMARC or cyber certifications could help prevent email fraud, domain spoofing and raise awareness of cyber issues within a company, many businesses were still to fully embed these approaches.

In contrast, both the legal and retail sector were victims of Authorised Push Payment fraud according to the UK Finance report ‘Fraud the Facts 2019’.

In 2018, authorised push payment fraud (APP) (a scam whereby the criminal tricks their victim into sending money directly from their account to an account which the criminal controls) volume increased by 93%. In 2017, 43,875 attempts were made to convince individuals or businesses to part with their money. By 2018, as social engineering tactics and impersonation methods become more sophisticated, this number had grown to 84,624.

Unfortunately, the success rate of authorised push payment fraud is also on the rise with £354.3 million successfully stolen last year. This represents a significant increase from the £236 million extracted in 2017.

Malicious redirection fraud, which includes conveyancing fraud, was the third most popular type of APP in 2018, representing the greatest overall loss with £123.7 million being stolen in the UK last year and only £34 million being returned. The 7,544 malicious redirection scams completed, over 9,000 payments were made with an average individual loss of £20,750. These statistics highlight the importance of ensuring the people you are communicating with are legitimate.

Helen Dickinson OBE, Chief Executive of the British Retail Consortium, said: “The spiralling cost of retail crime – both in losses and the cost of prevention – are a huge burden to a retail sector that is already weighed down by the twin challenges of skyrocketing business costs and Brexit uncertainty.

“We hope this report will act as a catalyst for Police and Crime Commissioners around the country to take action. Retail crime should be explicitly addressed by Police and Crime Plans. Furthermore, Parliament must play its part in stemming this tide of crime by creating a specific criminal offence to protect retail employees from assault at work, as has been done for emergency workers.”

Clare Gardiner, the National Cyber Security Centre’s Director of Engagement, said: “The NCSC is committed to helping to improve the UK’s cyber security, which is why we have worked in partnership with the British Retail Consortium to produce the BRC Cyber Security Toolkit.

“Cyber attacks can have a huge impact, but to help potential victims pro-actively defend themselves we have published a range of easy-to-implement guidance on our website.

“Organisations can also share threat intelligence in a confidential way through the NCSC’s online Cyber Information Sharing Partnership (CiSP), which increases awareness to dangers and reduces the impact on UK businesses.”

Is your law firm prepared to withstand the relentless assault of cyber criminals? Are you able to repel email fraud attempts? Are your employees and colleagues aware of their responsibilities?