57% of sensitive data uploaded to generative AI tools is classified as business or legal data, with 35% of that involving contract or policy drafting.

The legal sector recorded 79 attacks, its highest level yet, in Q3 2025.

85% of UK IT leaders in the legal sector report exposure to email-related incidents.

60% of organizations in the legal sector experienced email incidents, yet only 41% feel very confident in their compliance posture.

31% of organizations are currently facing legal consequences as a result of a mobile app security breach.

Only 12% of companies feel "completely prepared" to address the global patchwork of data privacy laws.

33% of respondents were subjected to legal or regulatory consequences due to compromised data as a result of device theft.

87% of respondents said their organisation provided privacy awareness training for employees.

61% track the number of employees who have completed privacy training.

57% of respondents believed the demand for technical privacy roles would increase in the next year.

68% of respondents said that addressing privacy with documented privacy policies, procedures, and standards was mandatory.

70% of privacy professionals interact with legal and compliance.

31% plan to use AI for privacy in the next 12 months.

38% of respondents believed their legal/compliance privacy team was understaffed.

48% perform a privacy impact assessment to monitor their privacy programs.

14.88% of sensitive data input into GenAI tools was legal and finance data, such as information on Sales Pipeline Data, Investment Portfolio Data, and Mergers and Acquisitions.

29% of respondents indicated that more than half of legal/compliance privacy applicants were well qualified for the role.