Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

CybersecurityFeaturesLaw Firm FinancialsLaw Firm ManagementTechnology Media and TelecomCybersecurity Law & Strategy

Law Firms: You Can't Buy Yourself Out Of Risk

By Mark Sangster
September 01, 2018

While no amount of insurance can protect your reputation, you also can't buy yourself out of the cyber risks that threaten your reputation either. eSentire recently conducted research with 1,250 senior IT and security executives across financial, healthcare, legal, manufacturing, telecommunications, and other industries to gauge their risk tolerance, security maturity, and top risks.

The sample included more than 160 law firm executives (from medium to large firms), and we found that law firms were among some of the highest spenders on security yet were susceptible to some of the most common risks. And the issue will grow over the coming years as the demands of the business drive the adoption of emerging technologies, such as cloud and Artificial Intelligence (AI).

Law Firm Overall Spend on Security Is Among the Highest

Law firms rival their much larger counterparts, telecoms companies, when it comes to security spend as a percentage of IT spend. Lowest of any industry, non-firms reported spending less than 5% on security. Only 21% of firms spent between 5-10%; whereas 40% spent 11-30%, and 29% spent up to half of their IT budget on security. It's a good news, bad news scenario. The good news is law firms have awoken to the threat of cyber-attacks and the potential consequences and are responding with a commitment to security efforts.

Law Firms Are Most Susceptible to Common Security Risks

And now the bad news. Most law firms report that they are susceptible to common security risks and demonstrating table stakes security efforts. Approximately 60% of law firms struggle to manage both malware and non-malware born attacks, leading to significant IT or business impacts. What's worse, the same percentage of firms struggle to bear the growing cost of security efforts, manage and report the status of security risks and patching, and fail to demonstrate the value of IT spend to senior management. A further 58% report difficulties complying with clients or regulators or aligning to risk management requirements.

The Cycle of Despair

The research identified a cycle of despair across all industry segments tied to the gravitational struggle between the demands of the business and the desire to manage risks to the firm. The IT department is caught between the demands of the firm to remain competitive through the adoption of emerging technology, yet held accountable when that technology leads to a security event that causes a material change to the business. As in, the attorneys want new technology, and the partners don't want the associated risk.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
New York's Latest Cybersecurity Commitment Image

On Aug. 9, 2023, Gov. Kathy Hochul introduced New York's inaugural comprehensive cybersecurity strategy. In sum, the plan aims to update government networks, bolster county-level digital defenses, and regulate critical infrastructure.

The Bankruptcy Hotline Image

Recent cases of importance to your practice.

The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

How AI Has Affected PR Image

When we consider how the use of AI affects legal PR and communications, we have to look at it as an industrywide global phenomenon. A recent online conference provided an overview of the latest AI trends in public relations, and specifically, the impact of AI on communications. Here are some of the key points and takeaways from several of the speakers, who provided current best practices, tips, concerns and case studies.

CLE Shouldn't Be the Only Mandatory Training for Attorneys Image

Each stage of an attorney's career offers opportunities for a curriculum that addresses both the individual's and the firm's need to drive success.