Summary: The ABA’s recent law firm survey exposes widespread ignorance over information security.
The ABA’s 2015 Legal Technology Survey contains 700 pages of data points regarding technology and security, and lays out one of the biggest vulnerabilities firms face: information security breaches. The survey also demonstrates most lawyers don’t consider data security to be a major threat.
Earlier this year Citibank warned that “it is reasonable to expect law firms to be targets of attacks by foreign governments and hackers because they are repositories for confidential data on corporate deals and business strategies.”
Specifically, firms with 100 lawyers or more serve as prime targets for data breach.
Nevertheless, of those 880 lawyers surveyed, only 11.4 percent said their firms have cyber liability insurance. Eighty percent didn’t even know if their firm had the coverage. Furthermore, 52 percent of firms with over 100 attorneys were ignorant as to whether a client had ever asked to verify security practices or conduct a security audit.
According to attorney Vincent Polley, “There are two types of law firms: those that know they’ve been hacked and those that do not.” Attorneys have inside information on mergers, patents, and other important business deals. Data breaches can be damaging and costly, and may even destroy attorney-client privilege.
“There is no question that law firms are among the companies being targeted by cyber criminals,” says Shane Sims, a director in PwC’s Forensic Services Group. Mary Galligan, the former Special Agent in Charge of Cyber and Special Operations at the FBI’s New York City office adds, “As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.”
According to Zerofox, there are four main types of hackers who target law firms: (1) state-sponsored organizations who attack firms because they are seeking advanced technological knowledge for their government or they want to derail certain mergers and acquisitions to support their “national best interest,” (2) organized crime syndicates such as “The Mob” who hack people and use the information for extortion, (3) activists like Anonymous and LuzSec who take over accounts to advance a political agenda, and independent hackers who invade networks for fun, revenge, notoriety, or profit.
Hacking and other information breaches are on the rise at law firms. The new ABA survey illustrates many attorneys are ignorant of the risks or simply don’t care. However, a growing number of corporate clients are demanding their firms take steps to protect their sensitive data and guard against online intrusions. According to The New York Times, some financial institutions are asking law firms to fill out lengthy questionnaires detailing their cyber-security measures. Others are even conducting on-site inspections.
Sources: Mondaq, Zerofox, The New York Times, PwC’s “Safeguarding your firm from cyber attacks”