Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Law Firms: You Can't Buy Yourself Out Of Risk
While no amount of insurance can protect your reputation, you also can't buy yourself out of the cyber risks that threaten your reputation either. eSentire recently conducted research with 1,250 senior IT and security executives across financial, healthcare, legal, manufacturing, telecommunications, and other industries to gauge their risk tolerance, security maturity, and top risks.
The sample included more than 160 law firm executives (from medium to large firms), and we found that law firms were among some of the highest spenders on security yet were susceptible to some of the most common risks. And the issue will grow over the coming years as the demands of the business drive the adoption of emerging technologies, such as cloud and Artificial Intelligence (AI).
Law Firm Overall Spend on Security Is Among the Highest
Law firms rival their much larger counterparts, telecoms companies, when it comes to security spend as a percentage of IT spend. Lowest of any industry, non-firms reported spending less than 5% on security. Only 21% of firms spent between 5-10%; whereas 40% spent 11-30%, and 29% spent up to half of their IT budget on security. It's a good news, bad news scenario. The good news is law firms have awoken to the threat of cyber-attacks and the potential consequences and are responding with a commitment to security efforts.
Law Firms Are Most Susceptible to Common Security Risks
And now the bad news. Most law firms report that they are susceptible to common security risks and demonstrating table stakes security efforts. Approximately 60% of law firms struggle to manage both malware and non-malware born attacks, leading to significant IT or business impacts. What's worse, the same percentage of firms struggle to bear the growing cost of security efforts, manage and report the status of security risks and patching, and fail to demonstrate the value of IT spend to senior management. A further 58% report difficulties complying with clients or regulators or aligning to risk management requirements.
The Cycle of Despair
The research identified a cycle of despair across all industry segments tied to the gravitational struggle between the demands of the business and the desire to manage risks to the firm. The IT department is caught between the demands of the firm to remain competitive through the adoption of emerging technology, yet held accountable when that technology leads to a security event that causes a material change to the business. As in, the attorneys want new technology, and the partners don't want the associated risk.
Within the cycle, specific contributing factors were identified. Risk was increased by how aggressively firms adopted emerging technologies, such as cloud services, IoT, and AI. These risks were reduced by the overall security maturity posture of the firms, adoption of security technology and services, awareness and understanding of cyber risks at the executive level, and to some degrees, the reporting and spending structure of security efforts.
Law Firms Are Amongst the Least Cyber Mature
So, what constitutes cyber maturity is certainly the contentious issue, but less mature firms were those that reported using basic preventative technologies, such as firewall and anti-virus, and lacked integrated reporting, and threat response capabilities. Remember, these are self-reporting ratings of the respondents. Well above other industries, nearly 70% of law firms only employ preventative technologies, and worse, only 5% have deployed more proactive and predicted security measures to rapidly detect and contain attacks.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.