Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
<b><i>Online Extra</b></i><br> Law Firms, Legal Departments Predicted to Focus More on IT Risk
Legal departments and law firms are likely to continue to focus more on information technology risk, given a recent projection that global spending on information security services and products will continue to rise.
According to a recent Gartner study, overall global spending in the sector will total $86.4 billion this year, an increase of 7% over last year. Similarly, spending is predicted to jump to $93 billion in 2018, the study said.
“Gartner's latest report about increased spending on security comes as no surprise, given the increase in data breaches, ransomware and the introduction of GDPR [the General Data Protection Regulation] in 2018,” Darren R. Hayes, a professor at Pace University, told our ALM sibling Legaltech News.
“While the liability associated with data breaches in the U.S. may be limited to reputation, the potential fines associated with the introduction of GDPR [in Europe] should be a wake-up call for multinational corporations,” he said. “Google [was] … already fined $2.7 billion by an EU [European Union] antitrust ruling in June of this year so it is clear that the EU will enforce its new draconian cyber-related laws.”
And GDPR compliance is likely to put a strain on legal professionals. In recent years, financial institutions have prioritized regulatory compliance, as regulatory fines have reached an estimated $100 billion annually, Hayes said. Breach response costs are also increasing, and this problem will be exacerbated by GDPR. The Gartner study predicts GDPR will drive 65% of data loss prevention buying decisions through 2018, and security services will continue to be the fastest growing segment in the sector, especially IT consulting, outsourcing and implementation services.
“Legal and compliance departments can expect to focus more on IT risk in the near future, which includes greater scrutiny of third-party IT service providers and their associated service level agreements,” he added.
Commenting on the findings, Perry Carpenter, chief evangelist and strategy officer at KnowBe4, said that: “From a spending perspective, this is really a continuation from previous years. Yes, it is a slight uptick — but the trend has been moving this direction for a while. The trend is consistent with the rise of security spending over the past few years and signals that security programs require ongoing attention and that the security arms race will continue.”
Carpenter also noted that individual technology segments are behind the increase, including: security consulting, testing, data loss prevention (DLP), identity and access management (IAM), secure Web gateways (SWGs), and security outsourcing.
He explained this is being driven by:
- Global regulation, including GDPR preparedness work, and the “continued tide” of other global security and privacy related mandates;
- “Fear” of data breach and/or intellectual property loss; and
- “Shortage” of security expertise within most organizations.
For lawyers, this means that “mandates to protect information exist not only for your clients, but also for legal teams and departments,” he said. “So, don't get caught up in trying to understand how these requirements and trends impact others, but forget to assess how they impact you.”
Carpenter suggests that “prudent” companies “will evaluate their needs and set a budgetary run rate for security that grows at least proportionally with their IT budget.” In addition, he said that “prudent” security programs “will not be solely technology-focused. Rather, they will also embrace the human elements of security.”
“Specifically, they will be aware that the vast majority of data breaches are caused by preventable human errors. As such, ongoing employee training, third-party training and even customer training can be key to establishing a security conscious culture that helps to minimize negative security-related behavioral outcomes,” he added.
Similarly, Joseph Lawlor, managing director of cyber defense at K2 Intelligence, an investigative firm, said that the Gartner report shows how compromises are often the result of highly focused attacks but are just as often due to “targets of opportunity that arise to insecure environments.”
Lawlor noted that the study also “illustrates a change in mindset” from security as the result of “bolting on incomplete solutions” to designing fully systems, networks and applications “with security as a focus in its foundation.”
“Law firms rely heavily on third party software for everything from client communications to billing and case management. They work with data that includes everything from PII [personal identifiable information] to intellectual property and often has attorney client privilege attached. It is paramount that they have a deep understanding and confidence that the systems and software used to enable their day to day work are functioning at the highest levels of security. A law firm's success literally depends on its ability to inspire trust and confidence in its clients and a single breach of that trust and confidence can spell disaster,” he explained.
*****
Ed Silverstein writes for Legaltech News, an ALM sibling of Cybersecurity Law & Strategy.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.