Law firms aware but ignoring security risks

Matt Blowes January 13, 2016 Security, Legal

Legal professionals are almost universally aware of the threat online criminals pose to their IT systems. Yet according to a new report, they are largely failing to introduce adequate security measures to prevent attacks.

ALM Legal Intelligence's new study of legal IT security risks reveals a splintered approach to securing networks by law firms. Despite the threat of data breaches going to the very core of the solicitor-client relationship, confidentiality, many firms take little formal action towards IT security.

The Cybersecurity and Law Firms: Ignorance is Risk report shows clear room for improvement:

  • 47% of law firms say their companies do not regularly test their cybersecurity programs.
  • Nearly one-third of law firms have not carried out a formal information, security and privacy assessment.
  • Approximately one-third of law firms do not hold cyber liability insurance policies.

Firms aware but lacking in motivation

Many law firms are stuck on the ad-hoc route to IT security: patching holes and updating security software when it expires. Worse still, others leave security a non-priority until after a network is breached or compromised. These approaches are outdated and dangerous.

Writing in the Financial Review, business security expert James Turner said failing to maintain good IT security practices is equivalent to failing to act in the interests of the business.

"This is a problem. Ignorance of the relevance of cyber security to your organisation is a glaring failure of organisational risk management and governance."

It is not a stretch to apply the same to law firms. Liability may be placed on them if confidential client data is stolen and acceptable IT security measures were not in place. There is also the serious effect of stolen confidential client data on the prospects of a case or the reputation of the firm overall.


There is an adequate 'set-it-and-forget-it' solution available: a managed IT service. This is desirable for smaller firms without the resources for dedicated in-house IT support.

Basic security measures can be implemented and maintained, with the ability to introduce more comprehensive features gradually. This is part of shifting IT security from a reactive to a proactive approach. Constant monitoring and updating ensure systems aren't left ignored, only to face security issues again in the future.

Image Credit: 'Albert V Bryan Federal District Courthouse - Alexandria Va - 0016 - 2012-03-10' by Tim Evanson on Flickr.
