With the release of the Panama Papers—where some 11.5 million documents detailing sensitive financial and attorney–client information were leaked—and confirmation of a “limited breach” last summer from leading U.S. law firm Cravath Swaine & Moore, it’s no surprise that there’s a strong, growing focus on cyber security for law firms.
This theme recently emerged as a major talking point at the 14th Annual Legal Malpractice and Risk Management Conference earlier this year in Chicago—and with good reason. As Steven M. Puiszis described in his piece from this conference, “Prevention and Response: A Two-Pronged Approach to Cyber Security and Incident Response Planning,” the real issue isn’t whether a law firm will suffer a cyber intrusion, but rather when and what type.
Law firms were ranked as the seventh most vulnerable industry according to Cisco Systems, Inc.’s 2015 Annual Security Report, which details cyber threat intelligence and trend analyses. And yet, many law firms still have not taken the precautionary measures to protect their data.
According to experts, targets in the legal realm are understandably attractive to criminals, foreign governments, adversaries and intelligence entities, given the treasure trove of information they possess.
And this isn’t an emerging issue. Cyber breaches have been occurring at law firms for more than a decade—and the bad guys aren’t getting any less sophisticated. In fact, it’s reported that one in four firms with over 100 attorneys had experienced a breach at some point, according to the American Bar Association.
Cyber breaches have been occurring at law firms for more than a decade—and the bad guys aren’t getting any less sophisticated.
The ramifications of a cyber breach are many and long lasting. It is embarrassing, expensive and ultimately damaging for a firm to suffer.
In a study conducted by the Ponemon Institute and IBM, the average cost of a data breach for an organization was approximately $4 million. Obviously, this figure will scale itself according to the size of an operation, however, this doesn’t help the fact that there has been a 29 percent increase in the number of these types of attacks since 2013.
And let’s not forget the lasting ramifications of all those not-so-happy customers who learn that their sensitive information had been compromised. As a result, a number of clients now ask firms to provide a security audit or verification of the firm’s security practices.
With this in mind, it’s crucial to take the necessary steps to engage a proactive approach against these types of attacks.
Law firms—big and small—are encouraged more and more to have a security breach response plan in place. There’s a few important components to this concept that we will address in future posts, but for now just understand that this isn’t just a good thing to have. It’s absolutely necessary to protect your business, your clients and everything you have worked for.
You may have questions. That’s good. You might even have your own stories or situations you would like to share. Let’s hear about it. We’re passionate about this topic, and we would love to continue this conversation. Please reach out to our experts and connect with us. We want to help.
And stay tuned for an upcoming risk management seminar on this topic scheduled for October 6—more info on that soon!