UK legal data breaches surged 39%, exposing 7.9M records. Human error remains a key factor. How can firms strengthen security?

UK Legal Data Breaches Rise 39% in One Year

A new analysis of data from the Information Commissioner’s Office (ICO) by NetDocuments has revealed a sharp increase in data breaches across the UK legal sector. In the period between Q3 2023 and Q2 2024, the number of identified data breaches in the UK legal sector rose by 39% (2,284 cases were reported to the ICO, compared to 1,633 the previous year). Data relating to 7.9 million people was compromised, amounting to 12% of the UK population.

External breaches jumped from 40 percent to 50 percent of the incidents in the past 12 months, with phishing attacks (56 percent of external attacks) being the most common threat to legal firms. However, insider breaches still accounted for half of all reported data incidents and more than a third (39 percent) of internal breaches were deemed the result of human error.

“Legal data breaches impact more than one in ten people in the UK, so it is imperative that firms continue to shore up their internal and external defences,” said David Hansen, VP of Compliance at NetDocuments. “At a time when the sector is continuing to digitalise, legal firms need to strike the right balance between keeping data secure while still allowing their employees to collaborate and work productively.”

NetDocuments’ analysis of ICO data highlights the most common causes of internal data breaches in the legal sector:

  • Overall, 39 percent of all data breaches resulted from human error (e.g., failure to redact or use bcc, alteration of data, hardware misconfiguration).
  • Thirty-seven percent of all data breaches resulted from sharing data with the wrong person (e.g., via email, post or verbally).
  • Twelve percent of all data breaches occurred from losing data (e.g., loss/theft of a device containing personal data or paperwork or data left in an insecure location).

Almost half of all internal and external cases (44 percent) impacted customers, while 18 percent impacted employees. Beyond basic personal information (42 percent), the most common types of data breached were economic and financial data (13 percent), health data (10 percent), and official documents (10 percent).

“This new analysis firmly underlines that the legal sector can’t ignore data protection. Firms handle sensitive documents every hour of every day, so maintaining security when introducing new technologies must remain the highest priority,” David Hansen continued. “Given the uptick in AI adoption, guardrails that mitigate human error are also imperative. AI has the power to drive productivity and efficiency in the legal sector, but it must not compromise data security.”

About NetDocuments
NetDocuments enables legal professionals to do their best work with an intelligent document management system (DMS) that goes beyond getting organised and brings seamless AI, powerful workflows, and smarter experiences to life. The #1 trusted cloud-native DMS for 25+ years. NetDocuments delivers tools to make work easier throughout the document lifecycle — from award-winning automation and AI to email management, search, collaboration, document bundling, advanced security, and more. 

The platform also integrates with 150+ other technologies, including Microsoft 365, DocuSign, and practice management systems, making it a core solution that meets users wherever they work.

Supporting more than 7,000 law firms, corporate legal departments, and public sector organisations worldwide, NetDocuments is recognised as one of America’s fastest-growing private companies, appearing on the Inc. 5000 list for three consecutive years.

Back to blog