

Navigating the storm: Gallagher’s real-life cyber incident workshop for law firms

Johnty Mongan, global head of cyber risk management at Gallagher, shares the lessons learned from a cyberattack simulation and how law firms can mitigate against the significant human, operational and financial toll of cyber breaches 

Johnty Mongan | Global head of cyber risk management, Gallagher

In today’s digital age, the threat of cyber-attacks looms large over every industry, and law firms are no exception. With sensitive client data, confidential case files and reputational integrity at stake, the legal sector is a prime target for cybercriminals. To help firms better understand and prepare for the complexities of a cyber incident, Gallagher recently hosted an immersive workshop that placed participants in the eye of the storm.

Led by Gallagher’s Johnty Mongan, global head of cyber risk management, and Georgia PriceHunt, global head of sales at cyber risk management, the session was designed to simulate a real-life cyberattack scenario. The goal? To provide attendees with a hands-on experience of navigating the chaos, decision-making and consequences that follow a cyber breach. 

The scenario: a law firm under siege

The workshop began with a seemingly innocuous event: the first notification of a potential incident. A USB device, plugged into a workstation, became the entry point for a sophisticated ransomware attack. From there, the situation escalated rapidly. The ransomware moved laterally across the network over the Server Message Block (SMB) protocol, exploiting the fact that local admin passwords on laptops had not been changed.

Within hours, the ransomware had encrypted all domain-joined laptops, effectively paralysing the firm’s operations. As the IT team scrambled to assess the damage, the threat actors made their presence known, initiating direct communications with the firm’s partners. The attackers claimed to have exfiltrated 11 terabytes of data, including sensitive accident files and special category data, and demanded a ransom of $2 million in cash. 

The human factor: stress and decision-making under pressure

The human toll of the incident quickly became apparent. The firm’s IT Manager, overwhelmed by the pressure and responsibility, went off with stress, leaving the partners to grapple with the unfolding crisis. Discussions turned to whether the firm could even consider paying the ransom demand. However, the attackers were identified as part of the LockBit Black ransomware group, a sanctioned entity, making payment legally and ethically untenable.

As if the situation wasn’t dire enough, the attackers tipped off the media, leading to public exposure of the breach. The firm now faced not only operational paralysis but also reputational damage and the looming threat of privacy class action lawsuits. 

The aftermath: tough choices and long-term consequences

With no viable option to pay the ransom, the firm turned to its backups to restore operations. While this decision avoided direct payment to the attackers, it came at a cost: five days’ worth of data was irretrievably lost. The firm was left to navigate the long tail of the incident, including potential regulatory fines, client trust erosion, and the financial and reputational impact of privacy lawsuits. 

Lessons learned: the value of preparation

The workshop underscored the critical importance of preparation, resilience, and swift decision-making in the face of a cyber crisis. Participants walked away with a deeper understanding of the multifaceted challenges posed by ransomware attacks, from technical vulnerabilities to human factors and legal considerations.

Mongan emphasised the importance of proactive risk management: “Cyber resilience isn’t just about technology; it’s about people, processes, and preparation. This workshop is designed to help organisations understand the full scope of what a cyber incident entails and equip them with the tools to respond effectively.”

PriceHunt added: “Law firms are custodians of some of the most sensitive data out there. This workshop is a wake-up call for firms to assess their vulnerabilities and invest in robust cyber risk management strategies.” 

A call to action

Gallagher’s workshop served as a stark reminder that no organisation is immune to cyber threats. For law firms, the stakes are particularly high, and the cost of inaction can be devastating. By simulating a real-life scenario, Gallagher provided a safe yet impactful environment for participants to learn, adapt, and prepare for the challenges of a digital-first world. 

As the legal sector continues to navigate an increasingly complex threat landscape, Gallagher remains committed to supporting firms with tailored cyber risk management solutions. After all, in the face of a cyber storm, preparation is the best defence.

For more information on how Gallagher can help your organisation build resilience against cyber threats, contact our Cyber Risk Management team today. 
