Negligence, not malice, the biggest threat to law firm data security

Data professionals working in law firms are far more concerned about careless staff accidentally clicking on a bad link than they are about the prospect of hackers or malicious internal leaks.

Gustavo Andrade

According to a recent survey conducted jointly by the International Legal Technology Association (ILTA) and security defense firm Digital Defense Inc, careless employees are overwhelmingly the number one concern for IT professionals working within law firms. When asked to name the greatest information security threat currently facing their organisation, 60.9 per cent pointed the finger at the ‘careless employee’. Only 6.6 per cent cited ‘internal bad actor threats’ (such as a deliberate leak by a disgruntled employee) as their number one concern, while 9.9 per cent were concerned about ‘external bad actor threats’ like hackers. Malware was the second most commonly cited threat with respondents, at 11.9 per cent, while only a miniscule 0.7 per cent were most concerned about the rise of cloud computing.

High threat, low priority

The survey also revealed some key figures around investment in data security, which is struggling to catch up with the scale of the threat facing law firms. According to the survey data, only 9 per cent of firms have a separate budget for information security. Of the majority of firms that blend information security costs into their overall IT budget, information security accounted for less than 10 per cent of that budget at 79 per cent of firms. 

Email your news and story ideas to: [email protected]