Cybersecurity For Law Firms: A Business Risk To Take Seriously

The legal sector is one of the more interesting industries to examine when it comes to cybersecurity—and there are a few reasons for this. First, law firms and other legal organizations are one of the most widely-used third parties. While not every company uses payment processing machines or medical devices, nearly every company—large and small—works with a law firm in at least some capacity. Additionally, the criticality of the data held by law firms makes them a target for hackers.

security ratings snapshot example

Request your free Security Rating Snapshot to find the gaps in your security program and how you compare to others in your industry.

Get Your Rating
Button Arrow

One example that highlights the criticality of cybersecurity for law firms was the so-called Panama Papers breach in 2016. In what was called at the time “history’s biggest data leak,” over 2.6 terabytes of data were compromised and 11 million documents from Panamanian law firm Mossack Fonseca were leaked. Data from more than 200,000 offshore companies was exposed in the breach, and many of them had to deal with legal, financial, and reputational damage from the fallout.

We’re starting to see law firms placing greater emphasis on internal cybersecurity and cybersecurity for their own third parties. These firms are realizing more and more that clients are measuring them not just by the services they provide, but on how well they can secure their clients’ data. Following this, some law firms are pushing the industry as a whole to step up cybersecurity practices to ensure that they are on par with or above those of other sectors. These organizations understand that they provide a critical service, and that by managing the risk of their third parties, they’ll be able to better maintain a world-class security program. We expect an influx of law firms to adopt similar attitudes in coming years, and craft cybersecurity policies that help set them apart from their competition.

If you need more hard data, consider the following insights outlined in our BitSight Insights report, Exploring Data Security In The Legal Sector & Beyond:

  • Although companies in the legal sector have high security ratings and low rates of vulnerabilities, the industry remains a key target for cyber criminals. In fact, we’ve found that the legal sector only trails finance with regard to Security Ratings, and is in line with retail. But due to the sensitivity of the information housed by law firms, they will likely remain a target for bad actors well into the future—and need to continue to be diligent.
  • More than 60% of organizations in the legal sector are exposed to the DROWN vulnerability. This is troubling primarily because DROWN was identified in early 2016, but by late 2016 more than half of law firms analyzed were still vulnerable. This indicates a lack of proactivity to cybersecurity, which is troubling. Firms should take this statistic to heart and focus on closing open ports or patching known vulnerabilities to lessen their risk of data exposure.

Download Now: Exploring Data Security In The Legal Sector & Beyond

Whether you’re in the legal sector or simply want to better understand the intersections between cybersecurity and law, this BitSight Insights report offers in-depth analysis on a subject that is both interesting and important. It examines the cybersecurity performance of law firms compared to other industries and how cybersecurity performance in law firms and the legal field has changed over time—and whether there are any current concerns that should be addressed. Download it today to stay on top of an issue that could impact you.