Cybersecurity is a growing concern for corporations, but how concerned are lawyers about cybersecurity? Are they as worried as they should be?
US Legal Support set out to determine how attorneys felt about several industry topics in our first annual Litigation Support Trends Survey, which we conducted in August 2022. As previously reported, there were four major themes in our survey data, and we’ve covered each in depth over the past few weeks.
Today, we’re going to dive into the fourth and final theme we saw in our survey data: growing cybersecurity concerns in the legal industry.
Law firms are ripe for a cybersecurity attack
The sensitive nature of cases heightens the risk of data privacy breaches with the potential to erode credibility and attract regulatory scrutiny. We’ve covered this particular risk for the legal industry in more depth in our related whitepaper, HIDDEN CYBER THREATS: How to Manage Hidden Risks in Your Company’s Legal Department.
The paper posits that law firms are prime targets for cybersecurity incidents due to the sensitive nature of their work. Sensitive information is very valuable to cyber criminals who use access to this information to extort money. Rather than risk their reputation, most companies would pay to recover their information. So where are legal organizations most vulnerable? The biggest cybersecurity risks could lie in the following:
Cybersecurity posture and employee compliance
Employee cybersecurity awareness is one of the biggest risks an organization faces. According to CEOWORLD magazine: “Having a strong staff awareness and training program on how to stay safe, even in the world of remote work, is one of the most important things you can do to your business and its cybersecurity efforts.” Legal professionals must be educated and trained to recognize and resist incursions.
Neglected Supplier Risks
Despite security tightening in recent years, many organizations overlook a critical vulnerability with surprising frequency: the risk presented by third-party and fourth-party litigation support partners. This is especially true for companies that rely on a panel company or their main legal supplier to make usage decisions further down the supply chain.
We asked respondents about the cybersecurity metrics they look for when vetting litigation support providers (organizations that provide court reporting, records retrieval, interpretation and translation services, litigation consulting services, etc.) and the following were ranked as the most important:
The following cybersecurity features are the lowest priority for legal organizations, but ironically they could be the key to ensuring the complete protection of sensitive client information.
- Independent audit of supplier systems, processes and controls: 22%
- Third party penetration testing required: 13%
- SOC 2 Type 2 certification with independent audit: 9%
Cybersecurity: How legal organizations can minimize exposure in 2023.
More than two-thirds of respondents (69%) say their business is adequately protected against cybersecurity risks, but are they really?
- Only a third (34%) of organizations surveyed cite a strong cybersecurity posture as a top technology priority.
- 42% of companies prioritize cybersecurity
If not all legal organizations are prioritizing cybersecurity, are they as protected as they need to be in an era of rapidly increasing cybercrime?
In our survey results, nearly a third (31%) said their business had been the target of an attack in the past year.
These data suggest that there is still a lot of work to be done.
One of the most important things a legal organization can do to protect its data? Perform a thorough risk analysis of all vendors and develop best practices for new vendor partners. With the increase in cybersecurity events post-pandemic, partnering with a vulnerable legal services provider can quickly compromise your carefully executed cybersecurity strategy and put sensitive client data at risk.