The Financial Conduct Authority has, very sensibly, declared that technology and big data are set to be the key focuses for the regulator in the year ahead.
On 1 March, in a lecture outlining the FCA’s view of the general insurance sector, Simon Green, Director of General Insurance & Protection, declared that “underinvestment in IT structures, legacy systems and a lack of integration following mergers” are having a significant impact on the capability of businesses to protect their information.
This is undoubtedly true, and it is reassuring to know that the FCA fully appreciates the growing threat of cybercrime. The legal sector, and indeed business more widely, relies heavily on digital systems to store sensitive information and therefore firms of all sizes would be well advised to take note of this warning from Mr Green.
As a law firm adapts and develops, its digital security systems must do the same. This principle has often been neglected by firms, particularly where they have just experienced a merger. It is often the case that merging firms fail to integrate the information systems of their legacy businesses adequately, often emerging with an inefficient and insecure system that is seriously vulnerable to data breaches. The issue has no doubt become more prevalent given the buoyancy of the legal merger market at present.
To counter this, the importance of planning IT contracts and functions well in advance of a merger to maintain secure digital information structures ought to be fully appreciated and acted upon. It is of course completely obvious that if a firm’s technology is outdated or incoherent, it is going to find it difficult both to access important data and protect sensitive information.
The digitalisation of valuable information across all businesses means that the potential rewards for cyber criminals has never been greater, and as a result, the attacks have become more targeted and sophisticated. Given the amount of highly sensitive client information law firms hold however, the legal sector represents a more attractive prospect than most. To counter this, law firms must regularly test their systems to ensure that they can stand up to the ever-developing techniques of criminals.
In many ways this represents an ‘arms race’ between the legal sector looking to keep its information secure and criminals seeking to steal it. To prevent a breach, firms must continue to update and invest in their digital security systems to ensure they are always a step ahead.
As firms continue to place a greater proportion of their sensitive information within the digital sphere in a drive to boost efficiency and reduce costs, the ramifications of potential security breaches have become increasingly serious. As more valuable information becomes digitalised, the consequences of a potential breach becomes more costly and the reputational damage more lasting.
If preventative measures are not properly put in place, the confidential data and personal information of clients will continue to be at risk. It is certainly encouraging that the FCA are making the epidemic of underinvestment in protecting data within the general insurance sector a priority. The focus is now on the legal sector to invest in suitable security structures to ensure that the risks of data breaches are kept to an absolute minimum.
Geoff Mendelsohn is a specialist in commercial and IT litigation at Bivonas Law and has worked as a partner in leading UK and US law firms.