There is an ominous statistical dichotomy in the legal industry: most law firms view cybersecurity as a major strategic risk to their organizations, yet many of them say they are unprepared for a significant cyberattack.
According to Marsh’s 2014 Global Law Firm Cyber Survey, 79 percent of law firm respondents viewed cyber/privacy security as one of their top 10 risks in their overall risk strategy, but 72 percent said their firm has not assessed and scaled the cost of a data breach based on the information it retains.
This challenge was at the heart of a recent ABA Pilot Project designed to help law firms better understand their vulnerabilities and identify potential avenues for addressing them together.
David Bodenheimer, a partner in the Washington, D.C. office of Crowell Moring LLP, is vice chair of the ABA Section of Science and Technology Law, as well as co-chair of its Security, Privacy and Information Law Division. Mr. Bodenheimer was a leading voice for pulling together D.C.-area law firms over the past couple years and has become an advocate for law firm collaboration on cybersecurity threats.
“The ABA has been on the leading edge of this issue for a few years now, establishing law office cybersecurity as a top priority back in 2012,” Mr. Bodenheimer told us in a phone interview. “It became increasingly clear to me that those of us who practice in large law firms should be talking to each other more openly about the information sharing systems we need in place to protect against cybersecurity threats.”
Infographic: Cybersecurity Stats for Legal Tech
SlideShare Friday: Why Law Firms are at Cybersecurity Risk
NACD Lays Out 5 Key Principles for Cyber-Risk Oversight
Mr. Bodenheimer and a few colleagues invited a number of law firms to bring both partners and CIOs to a series of meetings where they exchanged best practices, discussed emerging threats and brainstormed ideas for sharing cybersecurity information.
“We also invited the FBI to send a representative to speak to us about the common threats we all face and we spoke with an official from the Department of Homeland Security about our project goals,” said Mr. Bodenheimer.
The ABA team completed the pilot project and discussed its findings within the ABA Cybersecurity Legal Task Force and various ABA Sections. The conclusion was that law firms of varying sizes and practices need to continue to explore ways they might leverage their collective experience and expertise to better safeguard their confidential data. Among the possible objectives would be development of critical infrastructure, resources and information sharing systems that identify cyber threats and develop early warning alarms to alert law firms of potential cyber attacks.
The ABA continues to explore possibilities for obtaining the resources necessary to build this infrastructure — with a broad spectrum of law firms — as a key component of an information sharing and security program for the industry.
Other cybersecurity information sharing initiatives are also underway in the legal industry. Writing for the New York Law Journal, reporter Christine Simmons described the launch of a new platform that allows law firms to share data on cybersecurity threats anonymously, which would potentially alert firms to emerging cyber threats.
Unfortunately, these threats continue to mount daily. Law firms are principal targets when it comes to cybercrime and the bad guys out there will go to extraordinary lengths to hack law firm networks, compromise security systems and access confidential information.
“Law firms hold some of the most valuable data in the corporate world, so we have an important responsibility to work together to protect ourselves from cybercriminals,” said Mr. Bodenheimer. “We feel that our pilot project revealed an important way forward. Our hope is that we can now identify resources and project sponsors from within the ABA to band together and help us implement some of these ideas.”
If you enjoyed this post, you might also like:
4 Certs Legal Should Ensure Managed Services Providers Have