Cybersecurity: a top legal industry concern and how to mitigate risk
Cybersecurity is a growing front of concern for legal entities, but just how concerned are lawyers about cybersecurity? Are they as concerned as they should be?
U.S. Legal Support set out to ascertain how lawyers were feeling about multiple industry topics in our first annual Litigation Support Trends Survey, which we conducted in August of 2022. As previously reported, there were four core themes to our survey data, and we’ve been covering each one in depth over the last few weeks.
- The continued prevalence of remote work in the legal industry
- Increased cybersecurity awareness
Today we’re going to dive into the fourth and final theme we saw in our survey data: increasing cybersecurity concerns within the legal sector.
Law firms are ripe for a cybersecurity attack
The sensitive nature of cases exacerbates the risk of data privacy breaches, which have the potential to erode credibility and attract regulatory scrutiny. We covered this particular risk to the legal industry in more depth in our related white paper, LURKING CYBERTHREATS: How to Manage Hidden Risk in Your Enterprise Legal Department.
The paper posits that law firms are prime targets for cybersecurity incidents because of the sensitive nature of their work. Sensitive information is very valuable to cybercriminals, who use access to it to extort money. Rather than risk their reputation, most businesses would pay money to have their information back. So, where are these legal organizations most vulnerable? The biggest cybersecurity risks could lie within the following:
The cybersecurity stature and compliance of employees
Employee cybersecurity awareness is one of the biggest risks an organization faces. According to CEOWORLD magazine: “Having a robust awareness and training program for staff on how to stay secure, even in the remote working world, is one of the most important things you can do for your company and its cybersecurity efforts.” (source) Legal professionals must be educated and trained in how to recognize and resist incursions.
Overlooked supplier risks
Despite strengthening security over the last few years, many companies overlook a critical vulnerability with surprising frequency—the risk presented by third- and fourth-party litigation support partners. This is particularly true of enterprises that rely on a panel firm or their primary legal vendor to make usage decisions further down the supply chain.
We surveyed respondents on what cybersecurity parameters they look for when vetting litigation support providers (organizations that provide court reporting, record retrieval, interpreting and translations, trial consulting services and more) and the following were ranked as highest importance:
The following cybersecurity features rank as the lowest priority for legal organizations but, somewhat ironically, could be the key to keeping clients' sensitive information fully protected.
- Independent audit of vendor’s systems, processes, and controls 22%
- Required third-party penetration testing 13%
- SOC 2 Type 2 certification with independent audit 9%
Cybersecurity: How legal organizations can minimize exposure in 2023.
More than two-thirds of respondents (69%) say their firm is adequately protected against cybersecurity risks, but are they truly protected?
- Only a third (34%) of organizations surveyed list a robust cybersecurity posture as a top tech priority.
- 42% of enterprises prioritize cybersecurity
If less than of all legal organizations prioritize cybersecurity, are they as protected as they need to be in an age of rapidly escalating cyber crimes?
In our survey results, close to a third (31%) reported their firm had been the target of an attack in the last year.
This data suggests that there is still much more work to do.
One of the biggest things a legal organization can do to safeguard its data? Conduct a thorough risk analysis of all vendors and develop go-forward best practices for new vendor partners. With cybersecurity events on the rise post-pandemic, partnering with a vulnerable legal services provider can quickly compromise your carefully executed cybersecurity strategy and put sensitive client data at risk.