The recent cyber attack on CTS, an IT services provider to hundreds of law firms, has brought the news of supply chain cyber attacks to the forefront of the public and businesses. It has now been a week since the attack and the systems are still offline causing huge disruption to numerous law firms’ operations and causing uncertainty and frustration among homebuyers. The cyberattack has left an estimated 80-200 UK law firms in limbo. With a knock-on effect on the property market, the issue understandably has buyers feeling uneasy and the market scrambling. It is has now been a week since the attack and there 



Major disruptions for Law Firms and home buyers

The cyber attack on CTS has significant consequences on law firms, the housing market and  home buyers who have been awaiting the finalisation of their home purchase. As a result of the attack, homebuyers are unable to complete their transactions due to inaccessible documents. Not only has this created undue stress for those in the buying process, but it has also resulted in deals falling through and removal companies being cancelled. The inability to access sensitive data is a major cause of concern for both buyers and law firms as they are unable to carry out necessary due diligence. This attack has demonstrated the wide-reaching impact of supply chain attacks on businesses and individuals, extending beyond the targeted company.


It is estimated that between 80-200 law firms have been affected by the attack, leaving them vulnerable. The Council for Licensed Conveyancers has urged affected law firms to keep other lawyers in the chain informed. The incident requires thorough analysis, and it is essential to ensure that data has not been compromised. The lack of access to data could potentially lead to malpractices and legal disputes. This highlights the importance of businesses maintaining open communication in times of crisis, particularly in supply chains. Proactiveness and transparency can prevent other parties in the supply chain from facing similar problems.


The need for third-party risk management and business continuity plans

Third-party cyber risk management and business continuity plans are essential in cases where an organisation is dependent on an outside party for critical operations. In the case of law firms, CTS is a critical dependency, and this attack has highlighted the need for an effective third-party cyber risk management strategy. For instance, law firms can regularly assess the security controls employed by their suppliers and ensure that regular security assessments are conducted.


Furthermore, businesses reliant on third-party vendors should have a comprehensive business continuity plan in place to minimise the effect of a cyber attack. The plan should be tested regularly to ensure effectiveness in case of an incident. By having such plans, firms can take prompt and effective action to mitigate risks and minimise the effects of an outage


This attack comes just a month after a ransomware attack on the storage servers of the multinational law firm Allen & Overy, raising awareness of the growing cyber threat faced by legal institutions. The fact that a Magic Circle law firm like Allen & Overy can fall victim to attacks highlights the sophistication and persistence of cybercriminals.



A wake up call to all industries

The attack on CTS and the impact it has caused on homebuyers and law firms is a wake-up call to all industries. Businesses need to be vigilant in protecting their supply chain and invest in cybersecurity to avoid any disruptions to their business operations and losses. Supply chain cyber attacks are a growing threat and must be addressed with seriousness. The need for open communication and transparency cannot be understated in such crises. It is important that Law firms now work together to prevent similar incidents and regain the trust of consumers in the housing market. The impact of a supply chain cyber attack goes far beyond just one business and can have long-term economic consequences.