Why Cybersecurity Should Be Top of Mind in 2022
2021 was a challenging year for many reasons (year two of a global pandemic, for starters), but it was an especially demanding year in cybersecurity. Cybersecurity threats are not only growing more prevalent but also more expensive.
- In 2021, the average cost of a data breach reached $4.24 million per incident, the highest in 17 years.
- Data breaches in the first half of 2021 exposed an estimated 18.8 billion sensitive records.
- The total number of security breaches increased by 17% in 2021 alone.
Law firms have seen an increase in cyber threats since the onset of the COVID-19 pandemic.
- 24.9% of all ransomware attacks in Q1 2021 targeted small and medium-sized law firms. [From the Coveware Quarterly Ransomware Report Q1 2021]
- A 2021 report revealed that 15% of a sample of global law firms already showed compromised networks and that all firms in the survey were subject to targeted threat activity. [From the BlueVoyant Sector 17 Legal Sector Report]
Why Law Firms Are Being Targeted
Law firms are being targeted for a variety of reasons. First, cybercriminals have all but exhausted the Fortune 500 pool of targets and are now moving on to unsuspecting small and mid-size businesses across all sectors. Second, as everyone moved to remote work in March 2020, thousands of workers began completing tasks at home from unsecured home networks. The confidential information attorneys work with became more easily available to hackers than ever.
The privileged and confidential nature of lawyers’ work also makes them incredibly lucrative targets. It’s easy to see how attorneys may be more likely to pay a ransomware demand to get their sensitive information back, and less likely than enterprise-level companies to have full, up-to-date cybersecurity protections in place. A 2020 ABA Legal Technology Report found that fewer than half of survey respondents (43%) utilize file encryption and that less than 40% use two-factor authentication and intrusion prevention.
So, what is a law firm (or any company, for that matter) supposed to do in 2022 to protect its data?
Cybersecurity needs to be at the forefront of any business, but particularly for those who work in the legal sector. With the average ransomware payment around $221,000, it is imperative not only for client confidentiality but also for business sustainability.
The following articles have terrific tips if you are looking for action items on how to create a more secure environment for your firm and/or business.
- As the Ransomware Gangs Move from Big Game to Mid-size Game, What’s a Law Firm to Do? [AbovetheLaw.com]
- Law Firm Cyber Attacks: Is Your Firm Protected? [The National Law Review]
- So Long, 2021: What the Year Ahead Holds for Law Firm Data Security [Law.com]
The biggest tip? Evaluate all your provider relationships. Your firm may be exercising the utmost caution, but what about your partners and providers? To aid in your search and discussions, U.S. Legal Support recently re-released its Cybersecurity Checklist: 9 Questions to Ask When Choosing a Litigation Support Services Provider.
The checklist includes not only the most important questions to ask, but also the types of supplementary security documentation to ask for and important terminology to know.