If LockBit has asked for a figure, there are a range of perspectives on what that could look like. One partner at a top U.K. firm commented that, typically, with a firm of A&O’s size, hackers would identify between 2% and 3% of global turnover as a “starting point”.
In A&O’s case, that could mean a figure of between £42 million and £62 million.
However, others are less sure that a ransomware group like LockBit would necessarily demand such a large sum of money.
Joanne Vengadesan, a partner at Penningtons Manches Cooper who specialises in technology transactions and data protection, said that hackers can operate like businesses, in that “they are looking for the quick win”.
“Sometimes it can boil down to calculating ‘what will someone reasonably pay without too much hassle’,” she said. “Often that means a figure which is somewhere in the middle of what is significant to a ransom group and what is manageable from a law firm IT budget perspective.”
Law firms have, in recent years, been high-profile targets for cyber attacks—understandably, given their financial strength and collection of sensitive data.
‘Enforcement 40’ for 2020
Join Us On LinkedIn
Join the Securities Litigation and Enforcement Group on LinkedIn