Legal Week have published a Benchmark study titled 'Locked Down?', in association with Stroz Friedberg, looking at how law firms are tackling the growing problem of cyber risk. 

Seth Berman, executive managing director of Stroz Friedberg, believes that law firms will have to pay more attention to cyber security.  

He says in the report “The failure of UK law firms to tackle online security is leaving clients increasingly vulnerable to attacks. As custodians of clients’ intellectual property and commercially sensitive information, law firms are particularly attractive to hackers.”

"We know law firms are being targeted … hackers seeking commercial secrets are known to regard law firms as a weak link in the information chain. The very nature of law firms makes them an active target,” 

The CIO of a large law firm echoes these views: “The issue of cyber terrorism and espionage has really gone up the agenda of law firms. Large corporates now have a huge focus on this area and we need to ensure their interests are protected.” 

Berman adds: “The failure to address such threats, as part of an ongoing process of review, testing and training, could have significant business continuity, cost and reputational implications.”

Here are a few of the key findings: 

• Only 10% of law firm personnel think that UK businesses are ready to deal with cyber risks.

• Three quarters of employees in law firms with annual turnover above £500m think they are likely to be the subject of cyber attacks.

• Respondents from the legal sector are less likely (35%) to include external cyber security experts than non-lawyers (53%) in their attack contingency planning.

• The vast majority of lawyers (86%) see cyber security as an issue for the senior executives.

To view and download the full report click on the link below.

Commenting on the report Russell Price, Chairman of the Continuity Forum and a founding member of CRIF said "I hope the legal profession will take note of the findings of the Locked Down benchmarking survey as it points to serious issues within many firms and highlights the additional risks the lack of attention show exposes their clients to."

He further commented that "... as well as raising the profile of Cyber Risk across the legal profession this report points to the key activities that need to be addressed.  Fundamental is a specific Cyber Risk Assessment to calculate threat and exposure within both the firm and their work for clients."   

He added "It's pretty bad that only 1 in 4 of businesses generally undertake a Risk Assessment for Cyber Risk, but it's shocking that the report states only 1 in 10 of legal firms do this. They really should be setting a much better example with their deeper understanding of the possible legal consequences, let alone the wider impacts that could be seen.