The report concludes that firms are unprepared for a cyberattack. ‘Many firms' confidence in their own cyberattack preparedness seems misguided. Our research indicates that most remain surprisingly unprepared for the threat,’ says Daniella Isaacson, co-author of the report and ALM Intelligence Senior Legal Analyst. ‘For example, many never test their cybersecurity protocols. This means that on the day of a breach, those firms are using an unproven response plan.’
Key findings from ‘Cybersecurity and Law Firms: Defeating Hackers, Winning Clients’ by ALM Intelligence include:
1. More than 70 per cent of firms report that their clients have exerted pressure on them to increase internal data security;Law firms are more confident than ever in their ability to withstand a cyberattack;
2. Many firms have failed to build out partnerships and protocols that would provide dependable protection and robust response to a data breach;
3. Worse, more than 50 per cent do not regularly conduct fire drills to test the efficacy of their plans
4. More than 85 per cent of Am Law 200 firms identify as having a practice group dedicated to issues of data privacy and security;
5. More than 40 per cent of firms with a cybersecurity practice group expect to grow their headcount in the next year.
Fellow Senior Legal Analyst and co-author Steven Kovalan adds, ‘On the flip side, the opportunity cybersecurity represents for law firms is growing rapidly. Within the Am Law 200, the vast majority of firms have created a dedicated cybersecurity practice. However, the scarcity of cybersecurity talent calls into question the legitimacy of these practices, and indicates that many firms are marketing themselves around a nascent skillset that they may not be able to deliver.’