Vendor Risk Management

Cybersecurity For Law Firms: A Business Risk To Take Seriously

Joel Alcon | September 8, 2017

The legal sector is one of the more interesting industries to examine when it comes to cybersecurity—and there are a few reasons for this. First, law firms and other legal organizations are one of the most widely-used third parties. While not every company uses payment processing machines or medical devices, nearly every company—large and small—works with a law firm in at least some capacity. Additionally, the criticality of the data held by law firms makes them a target for hackers.

Exploring Data Security in the Legal Sector

One example that highlights the criticality of cybersecurity for law firms was the so-called Panama Papers breach in 2016. In what was called at the time “history’s biggest data leak,” over 2.6 terabytes of data were compromised and 11 million documents from Panamanian law firm Mossack Fonseca were leaked. Data from more than 200,000 offshore companies was exposed in the breach, and many of them had to deal with legal, financial, and reputational damage from the fallout.

We’re starting to see law firms placing greater emphasis on internal cybersecurity and cybersecurity for their own third parties. These firms are realizing more and more that clients are measuring them not just by the services they provide, but on how well they can secure their clients’ data. Following this, some law firms are pushing the industry as a whole to step up cybersecurity practices to ensure that they are on par with or above those of other sectors. These organizations understand that they provide a critical service, and that by managing the risk of their third parties, they’ll be able to better maintain a world-class security program. We expect an influx of law firms to adopt similar attitudes in coming years, and craft cybersecurity policies that help set them apart from their competition.

If you need more hard data, consider the following insights outlined in our BitSight Insights report, Exploring Data Security In The Legal Sector & Beyond:

  • Although companies in the legal sector have high security ratings and low rates of vulnerabilities, the industry remains a key target for cyber criminals. In fact, we’ve found that the legal sector only trails finance with regard to Security Ratings, and is in line with retail. But due to the sensitivity of the information housed by law firms, they will likely remain a target for bad actors well into the future—and need to continue to be diligent.
  • More than 60% of organizations in the legal sector are exposed to the DROWN vulnerability. This is troubling primarily because DROWN was identified in early 2016, but by late 2016 more than half of law firms analyzed were still vulnerable. This indicates a lack of proactivity to cybersecurity, which is troubling. Firms should take this statistic to heart and focus on closing open ports or patching known vulnerabilities to lessen their risk of data exposure.

Download Now: Exploring Data Security In The Legal Sector & Beyond

Whether you’re in the legal sector or simply want to better understand the intersections between cybersecurity and law, this BitSight Insights report offers in-depth analysis on a subject that is both interesting and important. It examines the cybersecurity performance of law firms compared to other industries and how cybersecurity performance in law firms and the legal field has changed over time—and whether there are any current concerns that should be addressed. Download it today to stay on top of an issue that could impact you.

Suggested Posts

Can Your Vendor Assessments Be More Efficient?

If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...


Do You Have The Right Vendor Management Policies?

If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...


3 Ways To Make Your Vendor Lifecycle More Efficient

During this dynamic and stressful workplace environment 2020 has brought us, finding the most efficient ways to perform in your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you...


Subscribe to get security news and updates in your inbox.