New research from CenturyLink EMEA conducted among 150-plus IT decision makers in the legal sector has revealed that one in five law firms have experienced an attempted cyberattack in the past month.
The study by the network and managed IT services provider says that 44% of firms have been subjected to an attack in the last year.
Perhaps most notable is the fact that 34% of respondents claimed they have never been the victim of an attempted cyberattack, which is hard to drill down further into without knowing more about the demographics of those firms. Joanne Frears, consulting solicitor at Blandy & Blandy, said: “The average length of time it takes to discover a cybersecurity breach is 196 days and so although it is easy to believe that almost half of all firms have suffered attempted cyberattacks, it is alarming to think that the 34% who claim to never to have been targeted, could simply be unaware that malware has been planted on their system or that perhaps one of their accounts staff is currently being spear-phished. This lack of awareness and preparedness is one of the biggest risks the profession faces.”
While the gap between BigLaw and SmallLaw when it comes to moving to the cloud makes general ‘legal sector’ findings less valuable, it is interesting to note that the research found that 43% of law firms are currently moving to public cloud providers Microsoft, Google, or Amazon, with 23% moving their servers to a colocation facility. “Some firms” are outsourcing not just security but the hosting of their applications to cloud providers, the report slightly nondescriptly notes.
In a bid to combat cybersecurity threats, more than half (55%) of firms said they have employed data security professionals and 60% (only 60%?!) now provide compulsory cybersecurity training for staff. The report fairly concludes: “Clearly more needs to be done to change the culture towards data security within firms; technology alone cannot plug all the security holes. Employees and contractors often provide a soft target for hackers and are sometimes a threat themselves.”
While CIOs now characteristically roll their eyes at the mere mention of GDPR after talking about it over breakfast, lunch and dinner, the CenturyLink survey says that only 25% of firms believe they are currently compliant with the requirements of GDPR.
You can read more of the findings here: Law Firms and Cybersecurity: how can lawyers keep their client data confidential or by clicking direct on this URL: http://www.centurylink.co.uk/asset/business/enterprise/white-paper/centurylink-law-firms-and-cybersecurity-wp170692.pdf