Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Data Breaches: Adding a New Layer to the Risk of Legal Malpractice

By Karen Painter Randall and Steven A. Kroll
February 01, 2020

The news these days is filled with reports of significant data breaches. In fact, most experts opine that it is not a matter of "if" but "when," as to whether an entity will fall victim to a cyberattack. Unfortunately, those in the legal profession are not immune to a data breach. What's more, ethical obligations put lawyers and law firms at even greater risk for significant business, financial and reputational harm should they experience a cyberattack. More firms are falling prey to schemes as simple as "phishing" tactics or as sophisticated as a coordinated cyberattack, exposing client data that could include sensitive financial information, market-influencing mergers and acquisitions intelligence, and intellectual property from a patent filing. As a result, attorneys have both an ethical and legal duty to take reasonable steps to protect their clients' personal sensitive data against a cyberattack, or face serious ramifications.

Why Law Firms Are Prime Targets

Law firms are a soft target to hackers as they possess a large volume of critical data. For example, an attorney involved in a highly sensitive business transaction has access to information ranging from a client's personally identifiable information (PII), to details of a business' confidential transactions. Moreover, through discovery and the litigation process, law firms gain access to, among other items, their clients' as well as adversaries' PII, personal health information (PHI), and confidential financial information. Everything from trade secrets, to sensitive market-moving information about a company's finances, to a client's PHI occupies a law firm's files and servers. Additionally, because attorneys tend to identify and isolate this information, hackers are able to quickly and efficiently locate this highly sensitive data. As such, by targeting law firms, cyber criminals have the ability to access a plethora of valuable information located in one place.

Moreover, law firms tend to employ fewer resources toward implementing strong cybersecurity controls, making them more susceptible to an attack. According to the American Bar Association Legal Technology Resource Center's 2019 Legal Technology Survey Report, 26% of respondents report that their firms have experienced some sort of security breach (ranging from hacker activity and website exploits, to more mundane incidents such as lost or stolen laptops). Although the 26% figure is notable, also eye-catching is the 19% of respondents who reported that they do not know whether their firm has ever experienced a security breach. Moreover, the survey found that only 31% of the respondents had an incident response plan. Additionally, only 44% of the respondents use file encryption, 38% use email encryption, and 22% use whole/full disk encryption.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Why So Many Great Lawyers Stink at Business Development and What Law Firms Are Doing About It Image

Why is it that those who are best skilled at advocating for others are ill-equipped at advocating for their own skills and what to do about it?

Bankruptcy Sales: Finding a Diamond In the Rough Image

There is no efficient market for the sale of bankruptcy assets. Inefficient markets yield a transactional drag, potentially dampening the ability of debtors and trustees to maximize value for creditors. This article identifies ways in which investors may more easily discover bankruptcy asset sales.

A Lawyer's System for Active Reading Image

Active reading comprises many daily tasks lawyers engage in, including highlighting, annotating, note taking, comparing and searching texts. It demands more than flipping or turning pages.

The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

Blockchain Domains: New Developments for Brand Owners Image

Blockchain domain names offer decentralized alternatives to traditional DNS-based domain names, promising enhanced security, privacy and censorship resistance. However, these benefits come with significant challenges, particularly for brand owners seeking to protect their trademarks in these new digital spaces.