Cyber attacks are on the increase, and no organisation is immune - ​Nick Warrillow

This has been reflected in our cyber security team’s workload in responding to a number of ransomware attacks on UK entities. There are some noteworthy trends, reflecting our first-hand experience of assisting clients in responding to recent incidents:

Law firms: The number of reported cyber attacks on UK law firms has increased by over a third over the past year. This increase is apparent in Scotland, where small-to-medium-sized legal firms have been targeted. This might reflect that law firms generally hold sensitive personal data, leading threat actors to consider them to be more likely to pay a ransom to avoid compromised data being published online.

Higher education and knowledge institutions: Attacks have also increased in this area. As has been well-publicised, the British Library is still encountering significant disruption from the cyber attack it suffered in October 2023. This is expected to persist for some time while it works to restore certain services. Like law firms, higher education institutions hold personal data for large numbers of individuals (students, employees, and third parties in their case) as well as often sensitive research data. Both universities and knowledge institutions are also frequently subject to budget constraints which make paying for advanced data security protection a challenge.

The increased level of cyber activity is not focused solely on the sectors identified above, and there have been a number of concerning headlines and warnings suggesting there is no sign of the heightened cyber risk receding.

In January, the National Cyber Security Centre warned that AI is already being used in malicious cyber activity and will likely increase the volume and impact of future cyber attacks, including ransomware attacks. More recently, analysts warned that cyber attacks linked to Chinese intelligence agencies are increasing in capability and frequency.

The UK and US governments accused a hacking group backed by China’s government spy agency of conducting a lengthy cyber campaign targeting high-profile individuals and businesses, and announced a series of linked sanctions.

These updates reflect the reality that no UK business is immune to the threat of attack. In Scotland, the Cyber and Fraud Centre – Scotland runs an Incident Response Helpline in collaboration with Police Scotland and the Scottish Government, with technical and legal incident response support provided by several trusted Scottish companies.

Burness Paull sits on the Centre’s Incident Response cadre and our cyber security team is available to assist any organisation which is the victim of a cyber incident in mitigating its effects. The Centre recently advised that the number of calls to its helpline had more than doubled from 123 calls in 2022/23 to 263 in 2023/24 – and said it expects this figure to rise further over the next year, particularly for ransomware attacks.

That update was underlined by NHS Dumfries and Galloway’s confirmation that some patients’ clinical data had been leaked online following a ransomware attack in March. The threat actor is understood to have threatened to publish 3 TerraBytes of data relating to patients and staff. These concerning developments underline the importance to UK businesses of taking all available steps to protect themselves, and the data they hold, from a potential attack, and being prepared in the (sadly inevitable) event of an attack occurring.

Nick Warrillow is a Director, Burness Paull