Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

e-Commerce Law & StrategyFeaturesKickerLJN NewslettersNewsSectionsTechnology Media and TelecomTopics

<b><i>Online Extra:</b></i> Am Law 200 Firms Spending $7M on Cybersecurity Annually

By Chris DiMarco
August 31, 2015

With unfettered access to critical documents and information, law firms are an attractive target for hackers. Even when firms employ cutting-edge data security techniques, their possession of corporate data still multiplies the surface area of risk for that information. A recent survey of the Am Law 200, which tapped nearly one-third of firm CIOs for their experience, is showing the extent to which the highest grossing firms are spending to mitigate the risk associated with data security.

According to the findings of Chase Cost Management's 'What Price Peace?”survey'spending on information security at Am Law 200 firms rarely exceeds 1.9% of gross annual revenue. Firms spent around $6.9 million on average, though the survey cautions some of that may have gone to non-cybersecurity projects.

While the survey was able to determine the average that respondent law firms were spending on these efforts, harder to determine was whether or not that was enough. Respondents split 50/50 on whether their spending was 'about right' or 'not enough,' though predictably, no respondents indicated there cybersecurity spending was 'too much.'

Firms also varied in what areas they were spending. When asked to rank their top three spending priorities, respondents most frequently indicated a need to strengthen in-house security expertise (22.2% of respondents). The runners-up priority wise split three ways: Assessment to identify gaps in security posture, cyber liability insurance policy and risk transferring, and training for employees to increase awareness each made the priorities list 12.1% of the time.

Overall, the survey suggested that the priorities set by firms were positive. Chase Cost Management wrote, 'Traditionally, many law firms have chosen, likely to control expenses, to give the CIO or IT Director the responsibility for security management and an existing network systems engineer the responsibility for security operations. A hands-up survey of the audience suggests that most firms still do not have dedicated security staff. However, there were a few, albeit larger firms, who have managed to get support for four and five FTEs who are focused on information security initiatives.”

Chris DiMarco writes for'Legaltech News, an ALM sibling of e-Commerce Law & Strategy.

With unfettered access to critical documents and information, law firms are an attractive target for hackers. Even when firms employ cutting-edge data security techniques, their possession of corporate data still multiplies the surface area of risk for that information. A recent survey of the Am Law 200, which tapped nearly one-third of firm CIOs for their experience, is showing the extent to which the highest grossing firms are spending to mitigate the risk associated with data security.

According to the findings of Chase Cost Management's 'What Price Peace?”survey'spending on information security at Am Law 200 firms rarely exceeds 1.9% of gross annual revenue. Firms spent around $6.9 million on average, though the survey cautions some of that may have gone to non-cybersecurity projects.

While the survey was able to determine the average that respondent law firms were spending on these efforts, harder to determine was whether or not that was enough. Respondents split 50/50 on whether their spending was 'about right' or 'not enough,' though predictably, no respondents indicated there cybersecurity spending was 'too much.'

Firms also varied in what areas they were spending. When asked to rank their top three spending priorities, respondents most frequently indicated a need to strengthen in-house security expertise (22.2% of respondents). The runners-up priority wise split three ways: Assessment to identify gaps in security posture, cyber liability insurance policy and risk transferring, and training for employees to increase awareness each made the priorities list 12.1% of the time.

Overall, the survey suggested that the priorities set by firms were positive. Chase Cost Management wrote, 'Traditionally, many law firms have chosen, likely to control expenses, to give the CIO or IT Director the responsibility for security management and an existing network systems engineer the responsibility for security operations. A hands-up survey of the audience suggests that most firms still do not have dedicated security staff. However, there were a few, albeit larger firms, who have managed to get support for four and five FTEs who are focused on information security initiatives.”

Chris DiMarco writes for'Legaltech News, an ALM sibling of e-Commerce Law & Strategy.

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.