The SRA has issued guidance to law firms on cybercrime to highlight an emerging risk and support law firms in taking appropriate actions to protect themselves, their clients and the wider public interest.
The paper sets out the risks that result from cybercrime and practical examples of how it has affected law firms and other professional service providers. A range of measures that firms can take to protect themselves and their clients is also summarised.
Under Principle 10, regulated firms have a responsibility to ‘protect client money and assets’. Cybercrime presents a significant risk to clients and their assets, including information and money.
As a result, cybercrime also presents a risk to Outcome 4.1, which requires that law firms ‘keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents’.
Cybercrime may also damage the structural or financial stability of a law firm, so managing this risk effectively is in the best interest of your firm. Responsibility for managing this risk also aligns with Principle 8, which states:
‘run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles’.