Cybersecurity is a growing concern for businesses, but how concerned are lawyers about cybersecurity? Are they as concerned as they should be?
US Legal Support set out to see how attorneys feel about multiple industry topics in its first annual Litigation Support Trends Survey, conducted in August 2022. As previously reported, there are four main themes in the survey data, and he’s detailed each one over the past few weeks.
Today, we delve into the fourth and final theme identified in the survey data: growing cybersecurity concerns within the legal department.
→ Missed the full study? Click here to download the litigation support trends infographic.
Law firms are ripe for cybersecurity attacks
Case confidentiality can exacerbate the risk of data privacy breaches, undermine credibility, and attract regulatory scrutiny. This particular risk to the legal industry is explored in more detail in a related white paper, Potential Cyber Threats: How to Manage Risk in Corporate Legal Departments.
The paper argues that law firms have been targeted in cybersecurity incidents because of the sensitivity of their work. Very valuable to criminals. Most companies will pay to get their information back rather than risk their reputation. So where are these legal organizations most vulnerable? The biggest cybersecurity risks can be found in:
Employee cybersecurity standing and compliance
Employee cybersecurity awareness is one of the biggest risks an organization faces. According to CEOWORLD magazine, “Having a strong awareness and training program for staff on how to stay safe in a remote working world is one of the most important things for the company and its cybersecurity efforts. (source) Legal professionals must be educated and trained on how to recognize and resist intrusions.
Risk of overlooked suppliers
Despite years of security enhancements, many companies overlook critical vulnerabilities with alarming frequency. This is the risk posed by third-party and fourth-party litigation support partners. This is especially true for companies that rely on panel companies or major legal vendors to make usage decisions further down their chain of supply.
When surveying respondents about what cybersecurity parameters they look for when scrutinizing litigation support providers (organizations that provide court reports, records retrieval, interpretation and translation, legal consulting services, etc.), respondents were: Items were ranked as most important.
The following cybersecurity features rank as the lowest priority for legal organizations, but somewhat ironically, they may be key to fully protecting your client’s confidential information.
- Independent audits of vendor systems, processes, and controls 22%
- Third-party penetration testing required 13%
- SOC 2 Type 2 Certified by Independent Audit 9%
Centralized cybersecurity risk assessments of litigation support vendors and outside counsel are necessary, not desirable. Robust data privacy policy. HIPAA compliant by independent audit. and end-to-end file encryption are the most common means used to scrutinize providers, but the list shouldn’t stop there.
Free Checklist: 9 Key Cybersecurity Questions to Ask When Screening a Litigation Support Service Provider
Cybersecurity: How Legal Organizations Can Minimize Exposure in 2023.
More than two-thirds (69%) of respondents say their companies are well protected from cybersecurity risks, but are they really?
- Only one-third (34%) of the organizations surveyed cite a robust cybersecurity posture as their top technical priority.
- 42% of companies prioritize cybersecurity
In an era of burgeoning cybercrime, are legal organizations that prioritize cybersecurity as protected as they need to be?
Nearly a third (31%) of the survey results reported that their company was targeted by an attack in the last year.
This data suggests that there is still much work to be done.
One of the biggest things legal organizations can do to protect their data? Conduct a thorough risk analysis of all vendors and develop future best practices for new vendor partners. With cybersecurity events on the rise post-pandemic, partnering with a weak legal services provider can quickly undermine a carefully executed cybersecurity strategy and put sensitive client data at risk.
