Six-and-a-half months ago, the news broke that almost 50 BigLaw firms in the U.S. were targeted by Russian hackers. From what could be determined, the hackers did not succeed in obtaining anything useful. Nevertheless, it seemed to rattle the legal industry at the time.
Yesterday, ALM, an information and intelligence company, released their second annual Law Firm Cybersecurity Report. The paper, available for purchase from ALM’s site at http://at.alm.com/almintelligence-cybersecurity, contains information derived from interviews with law firm leaders over the past year.
So, have law firms taken the hack attempt last March to heart? Sort of. Although most law firms claim to be more confident than last year that they are able to withstand a cyberattack, very few have implemented well defined protocols that would provide appropriate responses to data breaches, and less than 50% of those who have protocols in place do not regularly conduct “fire drills” to test if the systems actually work.
The report cited that more than 70% of law firm clients have exerted pressure on the firms to increase internal data security. While this is certainly a strong incentive to implement better cybersecurity, lawyers need to get out of the mindset where they believe that no one is going to come after them. According to speakers at the 2016 ABA Techshow, “80% percent of law firms have already been hacked, and the other 20 percent are either lying to or don’t know that they have been hacked”.
It’s not a matter of if, but when, the hack will occur. Time to be serious about law firm cybersecurity.