As we reflect on the cybersecurity landscape of the past year, it’s clear that the threat environment is not only evolving but also intensifying. In fact, NCC Group released some startling numbers about 2023 and those who are responsible for security awareness training in law firms should take note.

Matt Hull, the Global Head of Threat Intelligence at NCC Group, shed light on a concerning trend that unfolded in 2023. Despite significant law enforcement efforts to dismantle criminal networks, including those behind key ransomware operations and entities acting on behalf of foreign intelligence, there was still an unprecedented surge in cyberattacks. 

“We saw several examples of coordinated law enforcement action against criminal groups including key ransomware operators and individuals believed to be acting on behalf of foreign intelligence services… However, despite this, we saw the highest volume of ransomware victims NCC Group has ever recorded with an 84% increase in 2023 alone. The sheer volume of attacks and different types of victims proves that no organization is safe.”

Matt Hull, NCC Group, Global Head of Threat Intelligence

(Screenshot from the NCC Group’s report.)

The NCC Group recorded an 84% increase in ransomware victims in 2023—the highest in their history. This surge underscores a stark reality: no organization, regardless of its size or sector, is immune to cyber threats.

The statistics from the NCC Group’s Threat Monitor Report for 2023 paint a vivid picture of the escalating cyber threat landscape. The number of incidents soared from 2,531 in 2022 to a staggering 4,667 in 2023. This sharp increase is even more alarming when considering that 2022 actually saw a 5% decrease in incidents compared to the previous year. The average monthly attack rate in 2023 stood at 389, nearly doubling from 211 in 2022.

For law firms, these figures are not just numbers but a wake-up call. The sensitive nature of the information you handle, coupled with the legal industry’s intricate network of communications, makes law firms particularly attractive targets for cybercriminals. The increasing sophistication and volume of cyberattacks necessitate a robust and multi-faceted security strategy. A critical component of this strategy is security awareness training in law firms.

Savvy Partners with KnowBe4 to Deliver Security Awareness Training in Law Firms

Savvy Training & Consulting is a preferred provider of KnowBe4 security awareness training for the legal industry. We have helped law firms implement the KnowBe4 training system and deliver huge phishing reductions as a result.

KnowBe4’s easy-to-implement platform integrates baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment through simulated phishing, vishing and smishing attacks to build a more resilient and secure organization. 

Security awareness training empowers employees by equipping them with the knowledge and skills to recognize and respond to cyber threats effectively. It transforms the workforce from a potential liability into a formidable first line of defense. Given the evolving tactics of cyber adversaries, continuous and updated training is essential to stay ahead of emerging threats.

The Future Looks Risk-Riddled… Unless You Prepare

Looking ahead to 2024, the trajectory of cyber threats, particularly ransomware attacks, is expected to continue its upward trend. The lessons learned from 2023 highlight the importance of preparedness and proactive measures. Law firms must invest in comprehensive security awareness programs that cover the latest cyber threats, attack vectors, and safe computing practices. Regular training sessions, simulations, and assessments can significantly enhance the firm’s resilience against cyber threats.

The unprecedented surge in cyberattacks in 2023 serves as a stark reminder of the ever-present and evolving cyber threats facing the legal sector. As we navigate through 2024, the importance of security awareness training cannot be overstated. Law firms must prioritize and integrate it into their overall cybersecurity strategy to protect their sensitive data, safeguard their reputation, and ensure the trust of their clients. Now is the time to act and prepare for the challenges that lie ahead.

Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be to check this box on your cyber insurance application! KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.