Monthly Threat intelligence, cyber security and regulation news – straight into your inbox. Sign up to our newsletter

Reports

Professional Services: Cyber Resilience 2025

Download the Report

AI and Overconfidence Undermining Professional Service Resilience

Our research reveals a significant 88% of employees across Professional Services have personally been a victim of a cyber attack at work (the highest when compared with other industries including Healthcare, Financial Services and Manufacturing). Outside of our own research, as part of our wider look at the challenges that the sector is facing, we discovered that 65% of law firms have been victims of a cyber incident, according to a Cert-UK report revealed earlier this year. Shockingly, a third (33%) still don’t have a cyber mitigation plan in place. 

We’ve unveiled a major headache for cyber risk owners; that 78% of employees in Professional Services admit they’ve seen a colleague breach cyber security practice.

Emerging technology is also a big concern for cyber risk owners, with 82% across Professional Services either ‘very’ concerned or ‘somewhat’ concerned about AI. With employees under pressure to deliver to clients, the possibility of using AI is tempting – potentially leading to use of unauthorised software that breaches security policies. 

With all this in mind, cyber risk owners in the Professional Services sector are demonstrating a dangerous level of overconfidence about their defences, versus the reality of employees experiencing first hand their colleagues breaching policies.  

This report reveals:

  • Where the overconfidence lies
  • Where the gaps are in employee security compliance &  why this might be
  • What cyber risk owners can do to close the gaps – both in employee knowledge, and the sense of collective responsibility required to build a truly resilient business.

Cyber Resilience Report Series 2025

Healthcare Resilience 2025 Report
Futureproofing AI Adoption 2025
Financial Service Resilience 2025