The phrase ‘perfect storm’ is over used, but there are plenty of reasons for legal IT professionals to look pensive as they look ahead to plan their projects for the next 12 months. Across the legal industry, as “Get Safe Online Week” draws to a close, cyber security is starting to become a buzzword, where before it was only a relatively distant concern. To see the evidence of this change we need only look as far as the last week’s papers. Three recent headlines have framed the technological threats that legal firms are already starting to face.
The first was the news that from early next year, the new EU Data Protection Regulations will be finalised. In an industry that handles gigabytes of personal and case sensitive information every week, it’s already vital to ensure that all that information is safe from prying eyes, but the new regulations will make compliance to data security rules more complex – and costly – than ever before. Failure by firms to comply to these new rules is likely to generate fines that could be as high as 5% of global revenue.
The second headline is from a recent article in the Financial Times which reported the incidences of cyber attacks over the past four years. Worryingly the data showed that digital attacks have increased by 144% since 2010 and are now costing firms almost double what they did four years ago.
Thirdly, and finally, a major supplier of logistics services to the legal industry, DX, recently surveyed 100 legal professionals, discovering that three quarters (74%) of recipients were worried about cyber security, and that 29% had experienced a security breach in the past year.
Evidently, security against cyber attacks must be a priority for legal IT teams, but what does the threat landscape actually look like? At the fundamental level, the threats haven't really changed all that much in the last 20 years. What has changed is the driving force behind the threats. Previously, hackers would typically be doing it for interest and the challenge, however this has quickly evolved into the pursuit of money, particularly through extortion, blackmail and corporate espionage. This trend has brought the threats to the gate of every single business, especially those with sensitive data to protect, and that’s made the legal industry a prime target.
The pressures facing the legal industry are two pronged. From one side legal regulators are becoming increasingly interested in Information Security and requiring law firms to take the issue seriously. At the same time, clients are also driving new behaviours by requiring their law firms to prove their robust information security measures at the pitching stage and auditing firms on a regular basis to ensure a continued focus on security.
It is this client side pressure that will be the most immediate concern for firms, which not only need to demonstrate security prowess to drive business, but must also increasingly be available to deal with clients’ concerns outside of work hours and away from the office. This means working on different devices and away from established office systems, but still maintaining the highest levels of security.
Whilst the threats multiply and become increasingly pervasive, so too the regulation and the client expectations are quickly ramping up. For those on the frontline – the legal IT professionals – the challenge of maintaining flexible and convenient working practices whilst keeping data well beyond the reach of cyber criminals will perhaps be the dominant concern over the next year and beyond.
Copyright © 2023 Legal IT Professionals. All Rights Reserved.