Since the “Panama Papers” breach in which 11.5 million confidential documents and 2.6 terabytes of client data was stolen from law firm Mossack Fonseca, a greater emphasis has been placed on law firm cybersecurity. The breach, however, wasn’t an isolated incident. As noted in the 2015 American Bar Association (ABA) Legal Technology Survey Report, 15 percent of law firms have experienced a breach. And yet, almost half of attorneys say their firms have no response plan in place.
Given their abundance of valuable information, law firms are great targets for cybercriminals. When it comes to midsized firms, their organization’s protection level is weaker than that of larger enterprises, and many do not have the resources to buy the tools or hire the staff to properly protect their organizations. On top of that, firms often find themselves woefully behind what’s recommended by the ABA.
While other verticals such as health care or financial services have had to deal with security concerns for years, the legal industry does not have any form of industry-specific compliance that mandates security policy, leaving them beholden to state personally identifiable information (PII) laws and client compliance.