How much law firms dedicate to data privacy and security

Vulnerabilities in law firms’ data security present an unprecedented existential threat, while increasing corporate demand for legal expertise in information security, compliance and incident response provides an emerging revenue growth opportunity, according to ALM Intelligence.

“Many firms’ confidence in their own cyberattack preparedness seems misguided. Our research indicates that most remain surprisingly unprepared for the threat,” says Daniella Isaacson, ALM Intelligence Senior Legal Analyst. “For example, many never test their cybersecurity protocols. This means that on the day of a breach, those firms are using an unproven response plan.”

Fellow Senior Legal Analyst and co-author Steven Kovalan adds, “On the flip side, the opportunity cybersecurity represents for law firms is growing rapidly. Within the Am Law 200, the vast majority of firms have created a dedicated cybersecurity practice. However, the scarcity of cybersecurity talent calls into question the legitimacy of these practices, and indicates that many firms are marketing themselves around a nascent skillset that they may not be able to deliver.”

ALM Intelligence’s research findings related to law firms

• More than 70% of firms report that their clients have exerted pressure on them to increase internal data security
• Law firms are more confident than ever in their ability to withstand a cyberattack
• Many firms have failed to build out partnerships and protocols that would provide dependable protection and robust response to a data breach
• Worse, more than 50% do not regularly conduct fire drills to test the efficacy of their plans
• More than 85% of Am Law 200 firms identify as having a practice group dedicated to issues of data privacy and security
• More than 40% of firms with a cybersecurity practice group expect to grow their headcount in the next year.