Login | March 28, 2024

Nearly a quarter of large firms reported security breaches in 2015

RICHARD WEINER
Technology for Lawyers

Published: April 29, 2016

According to the ABA’s 2015 Techreport, data security breaches were a major problem for law firms in 2015.

Nearly one quarter of firms comprised of 100 or more attorneys participating in the report’s surveys said that the firm had reported a data breach. The smaller the firm, the lower the level of these breaches, until around 10 percent of solo firms reported such breaches.

While these numbers are very problematic, they do come with a bit of a caveat, as the report noted that the larger the firm, the less likely the respondent would be aware of such breaches.

Nevertheless, like I’ve been saying for many years now, data security should be the number one consideration in law office practice. Clearly, it is not yet such.

And the survey had an even more pathetic indicator:

In addition to being unaware of whether or not their firms’ data has been breached, at least 20 percent of attorneys said that they didn’t even know what the consequences of such a data breach would be.

Moving on, over 40 percent of firms of any size reported computer virus infestations (which don’t happen as often if you have security protocols in place).

Larger firms reported having a chief information security officer far more than smaller firms, but half or fewer of all responding firms reported that they have a specific document/email/internet/social media/privacy retention or control policy.

Digging into that a little further, 20 percent of firms have no document policies at all, and ten percent of respondents don’t know whether or not their firms have such policies. Yikes.

Clearly, getting a law degree is no sign of intelligence. Really—those people might as well take their client files down to Chipotle and give them away to random strangers. (For you locals—my son is now the restaurant general manager at the Chapel Hill Chipotle—so dig in!).

There’s more!

More than half the firms have never had an outside security assessment. Fewer than 15 percent of firms have cybersecurity insurance. Only 20 percent encrypt their data.

And, despite the fact that 40 percent of large firms reported some kind of physical disaster last year, only about half of all firms overall even have a disaster recovery/ business continuity plan in the event of a fire or flood.

Well, enough of that. As the preacher said to the new sheriff in Blazing Saddles, “you’re on your own.”


[Back]