FOI data reveals 157 devices lost or stolen in one year, underscoring ongoing risks to sensitive legal information
The Government Legal Department (GLD), responsible for delivering legal advice and representation to the UK government, intercepted close to 6 million malicious emails between May 2024 and April 2025. The figures expose the increasing cyber threat landscape facing critical public sector institutions.
According to data obtained via a Freedom of Information (FOI) request and analysed by the Parliament Street Think Tank, the GLD faced an onslaught of 5,904,287 spam emails, 15,852 phishing attempts, and 1,565 malware threats over the 12-month period—revealing the scale and persistence of digital attacks on government legal services.
The data, obtained through a Freedom of Information (FOI) request and analysed by Parliament Street Think Tank, reveals the scale of digital threats targeting the UK government’s in-house legal team between May 2024 and April 2025, with 5,904,287 spam emails, 15,852 phishing emails, and 1,565 malware threats stopped at the gate.
In addition to this relentless wave of malicious emails, a recent FOI request revealed that the GLD faced significant physical security challenges over the past year, reporting 157 lost or stolen devices.
The data discloses that 94 laptops, 8 tablets, and 55 phones were lost or stolen between May 2024 and April 2025, with a total replacement cost of £94,695. Each lost or stolen device presents a potential gateway for data breaches, significantly increasing the risk of sensitive information exposure or further cyberattacks.
On top of this, the GLD confirmed it holds no records of email filtering, blocking, or lost and stolen devices for the previous two years, raising concerns over cybersecurity monitoring and data continuity across government bodies.
As the government’s primary legal advisor, the department handles confidential information related to national security, complex litigation, and regulatory matters. Any breach or successful cyberattack could lead to severe legal and security consequences, undermining public trust and potentially impacting government operations.
John Lucey VP EMEA at Cellebrite, commented – “Keeping sensitive data safe in government agencies must be a top priority –not just to stop breaches, but also to protect the UK’s legal system, which depends on secure and reliable evidence to fairly trial criminal cases.”
“The large number of malicious email attacks shows how urgently we need resilient cybersecurity measures and advanced digital investigation tools. As cyber threats grow, digital forensics become crucial for catching criminals and collecting evidence that can be used in court. Protecting legal institutions means not only preventing attacks but also being ready to respond quickly when breaches happen, so digital investigations can be carried out fairly and without interruption.”
Arkadiy Ukolov, Co-Founder and CEO of Ulla Technology Ltd commented: “These figures underline the relentless cyber threats targeting key government institutions. As professionals across law, government, and accounting increasingly rely on digital tools and AI to stay productive, many are unknowingly exposing sensitive data through third-party platforms and unsecured systems. Spoken in at the event”
“Protecting this information demands a shift toward privacy-first digital infrastructure — where data remains under the user’s control and is processed securely. Tackling modern cyber risks requires not just advanced technology, but also staff awareness, proper training on the use of AI, and a robust, enclosed IT environment. In today’s threat landscape, operational efficiency must go hand in hand with uncompromising data security.”
Sawan Joshi, Group Director of Information Security at FDM Group, commented:
“This data highlights the sheer volume and sophistication of cyber threats now facing public sector organisations. Government departments like the GLD are high-value targets due to the sensitive legal and national security information they manage. To build true cyber resilience, government bodies must prioritise continuous training and investment into cyber talent. Technology is vital, but it’s the skills and preparedness of people that ultimately determine how effectively threats are mitigated, and sensitive data is safeguarded.”
