Logicforce released the results of its most recent Law Firm Cybersecurity Scorecard, a periodic study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices.
Results of the study indicate that law firms are increasingly investing in cybersecurity programs, but most law firms are not implementing many of the protocols that will comprehensively protect them and their clients over time. Many firms’ clients and potential clients are not shy about demanding secure data practices. Fifty-four percent of law firms report being audited by one or more clients at least once – a 13% increase since the last scorecard.
“The 2018 Cybersecurity Scorecard findings show that while cybersecurity preparedness in the legal industry has improved since our last scorecard, law firms must adopt more effective cybersecurity measures to protect themselves and their clients,” said Gulam Zade, partner and general counsel at Logicforce. “Comprehensive cybersecurity protocols are imperative to preserving client trust, protecting the most sensitive data and, ultimately, allowing law firms to differentiate themselves as legal services providers.”
Most law firms aren’t implementing top-weighted cybersecurity protocols
Fewer than half of law firms are implementing some of the top-weighted cybersecurity protocols: multi-factor authentication (47%), third-party risk assessment (37%), having the proper security executive (34%), and SOC monitoring (24%).
Many law firms don’t have formal measures in place to keep their data secure
Most law firms are investing in certain cybersecurity measures, such as penetration and vulnerability testing (88%), and have some sort of password management tool in place (99%). However, fewer law firms are investing in more formal cybersecurity areas. For example, 36% of firms do not have cybersecurity insurance, 45% of firms do not have formal cybersecurity policies, and 46% do not have cybersecurity training formally documented.
The majority of law firms require better cybersecurity management
Currently, most law firms (67%) place the responsibilities for implementing and managing cybersecurity policies on either IT Directors or Managers or some other non-IT executive at the firm. Roughly 1 in 3 firms (34%) leave these responsibilities to personnel who have specialized knowledge of cybersecurity, such as a Chief Information Security Officer or an Information Security Manager.