Business Demands Overshadow Cybersecurity Needs at Law Firms, Survey Finds

Though important, cybersecurity for law firms takes a back seat to business and profit demands, according to Novitex and the Association of Legal Administrators’ (ALA) “2016 Report on Trends Impacting the Legal Industry,” a survey of over 800 law firms and legal administration professionals worldwide.
The report found that law firms across the globe were primarily concerned with bolstering their business operations and financial viability above all else. For example, around 24 percent of respondents cited each increasing net profits and attracting new clients as top concerns, while an additional 20 percent also cited increasing revenues as a top concern.
Coming in as a distant fourth, only 8.4 percent of firms were most concerned with reducing cybersecurity risk, compared to 7.8 percent of firms concerned with improving workflows. Around of half of those (4.1 percent) were also primarily focused on upgrading their technologies.
At PricewaterhouseCoopers’ (PwC) Law Firm Services Global Forum’s “Cyber Risk — A Growing Threat” session in May 2016, Douglas Bloom, director of cybersecurity and forensics at PwC, cautioned law firms against separating cybersecurity needs from business ones.
Cyberattacks, he said, “comprise a business risk instead of just an IT risk,” noting that many cybercriminals target law firms because of the intellectual property and sensitive data of their clients.
Yet firms were lagging behind in funding their cybersecurity programs. The survey found that 10 percent of firms did not spend any of their budget on cybersecurity, while 40 percent described their cybersecurity spend as a “moderate amount” and 12 percent described it as “a lot.”
Firms did, however, spend far more on maintaining their IT infrastructure, with 44 percent spending a “moderate amount,” and 32 percent spending “a lot.” By comparison, over one-quarter (27 percent) of firms did not allocate any funds to e-discovery, while 30 percent spent a “moderate amount” and only 6 percent spent “a lot.”
Law firms’ relatively low spending on cybersecurity and e-discovery may be due to outsourcing these operations to cost-effective vendors. Over half of law firms, the survey found, outsourced their e-discovery (55 percent) as well as IT and cybersecurity operations (51 percent).
The prominence of outsourcing may reflect firms’ response to demands to stretch budgets and become more efficient. The survey noted 59 percent of firms found the task of “doing more with less” was at least somewhat challenging, with 47 percent saying the same of time management.
But in the push toward efficiency, awareness of their cybersecurity risks may also be falling short. ALM Intelligence’s “Cybersecurity and Law Firms: Defeating Hackers, Winning Clients” report, a survey of 210 law firm respondents, found that despite 73 percent of firms are receiving demands from clients to boost their cybersecurity, 75 percent expressed confidence in their current protections. These defenses, however, were found to be lacking, with many firms failing to create or test an incident response plan or audit the security of their third-party vendors.
Steven Kovalan, senior legal analyst at ALM Intelligence, told Legaltech News that while firms have “moved in the right direction,” they still “have a long way to go before they can be considered having implemented comprehensive security measures.”


. . . . . . . .

Leave a Reply