In today's environment, every business needs to be alert to the risk of data breaches and cyber crime. Digital assets have become one of the most value commodities companies possess, and the potential rewards to criminals who are able to access this data can be high.
Firms that frequently deal with highly sensitive information are therefore at especially high risk. Enterprises such as financial services organisations may be obvious targets, but one sector that also needs to be aware of the risks is the legal profession.
Law firms may not consider themselves a traditional target for hackers, but they are increasingly coming under attack from organised criminals seeking valuable data. Yet despite this growing threat, many organisations are still getting by on outdated security solutions that are not equipped to deal with the new era of sophisticated attacks.
Therefore, here are three key reasons why businesses in this sector need to pay more attention to cyber security and improve the systems they have in place to defend against attacks.
1. They're a tempting target
Although any data-heavy businesses is likely to attract the attention of criminals in today's environment, law firms are particularly attractive targets, both because of the nature of information they hold, and the perceived easiness of gaining access to it.
Ralph Baxter, chairman of Thomson Reuters Legal Executive Institute, noted these firms typically maintain significant amounts of highly valuable data about their clients, as well as other data they have assembled in the course of representing those clients. Therefore, many criminals will go after law firms because "that's where the data is".
Back in 2012, a study by Mandiant estimated 80 of the top 100 US law firms experienced a cyber attack in the previous year - and the situation has only got more serious since then. Mr Baxter said: "It would be hard to overstate the magnitude of the risk law firms face. The likelihood that they will be targeted approximates 100 per cent."
2. Their systems are outdated
One reason for this is that efforts law firms have made to protect their systems have not kept pace with those of hackers. A 2014 survey by Marsh, for example, found that while 98 per cent of legal practices report they have secure redundant systems, and three-quarters have tools in place to detect non-compliance with privacy policies, many companies rely on third-party vendors for their technology needs, which they may not adequately assess for security.
Mr Baxter noted: "The bad guys know that law firms lag behind their clients both in the timing of their cyber security programs and the resources that are devoted to them. Not only are law firms where the data is, they don't have the most effective guards protecting the vaults."
3. They're not alert to the threat
Despite this, Marsh's survey found more than seven out of ten law firms (72 per cent) have not calculated the potential scale and cost of a data breach, while 41 per cent are not insured for the fallout of an incident.
Meanwhile, figures released earlier this year by the Information Commissioner's Office revealed 173 law firms in the UK were investigated last year for potential data breaches. Of the 187 individual incidents recorded, 29 per cent related to security issues, with a further 25 per cent being the result of incorrect disclosure of data.
Don Randall, senior consultant at Bivonas Law, told the Legal Gazette: "When you consider that organisations such as government agencies and even the Pentagon are hacked, it is only a question of time before a major breach occurs in the legal profession."