Insider Threats Responsible for 68% of UK Legal Data Breaches | Digital Guardian


Digital Guardian's Blog


by Chris Brook on Thursday May 26, 2022


Data analyzed this week highlights the percentage of data breaches carried out by insiders at law firms in the U.K.

It’s still difficult to dismiss the effect that working from home and working remotely has had on insider data theft.

More than two years have passed since the World Health Organization initially declared COVID-19 a pandemic, and with it came a shift to working from anywhere. That has posed a challenge to administrators, many of whom had to turn on a dime and learn how to protect corporate data beyond the office doors.

New numbers released this week highlight how serious the threat of insider-driven data loss has become for law firms, particularly those based in the United Kingdom.

At one point last year, more than two thirds (68%) of data breaches at firms were caused by insiders. NetDocuments, a document and email management service, looked at numbers from the Information Commissioner's Office (ICO) - the U.K.'s data protection watchdog - and found that the bulk of breaches in Q3 2021 stemmed from actions taken by insiders.

The rest of the breaches (32%) were caused by outside threats, like hacks.

It's important to note that, as is usually the case with insider threats, the breaches don’t necessarily correspond to malicious actions taken by employees. Many of the breaches can be linked back to human error, like an employee botching an email send by failing to use blind carbon copy (bcc) or emailing documents containing sensitive personally identifiable information (PII) to the wrong recipient.

The full scope of the data loss breaks down as follows:

  • 52 percent of data breaches in the legal sector occurred from sharing data with the wrong person (i.e., via email, post or verbally)
  • 25 percent of data breaches in the legal sector occurred from phishing attacks
  • 10 percent of data breaches occurred from losing data (i.e., loss/theft of device containing personal data, or of paperwork or data left in insecure location)
  • 54 percent occurred from human error (i.e., verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; documents emailed or posted to wrong recipient)

Having a solution in place to mitigate data loss and protect against the unauthorized removal of sensitive information, even if it's accidental - like data sent through email - can go a long way in preventing breaches like the aforementioned ones from occurring.


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.