Study finds that cybersecurity measures are improving, but most firms still fail to implement critical ‘Best Practices.’
LOGICFORCE, a leading legal IT consultancy, today released the results of its most recent Law Firm Cybersecurity Scorecard, a regular study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices.
The data shows that over the last year, many law firms have been focusing on creating stronger cybersecurity programs by adopting formal cybersecurity policies and implementing training for all attorneys and staff. These changes have led to an increased industry score of 60%, which reflects improved cybersecurity practices across the legal industry and is the strongest industry score to date.
However, many firms are still failing to implement cybersecurity best practices, including records management policies, multi-factor authentication (MFA), and data loss prevention (DLP) technology. Neglecting these measures weakens overall cybersecurity efforts and poses major problems for law firms attempting to pass client audits.
“While we’re encouraged to see that the industry score is improving overall, many firms are enhancing cybersecurity efforts only to meet the increasing requirements of client audits,” said Gulam Zade, CEO of LOGICFORCE. “Law firms need to proactively implement stronger cybersecurity practices; not only do their clients expect it, but the market will continue to drive and demand strong security measures as technology evolves.”
Cybersecurity Scorecard key findings include:
The legal industry score for cybersecurity health among law firms has increased from 54% in 2018 to 60% in 2019.
This positive movement is largely attributable to law firms’ improved adoption of formal cybersecurity policies and training this year. The percentage of law firms that have formally documented cybersecurity policies increased from 55% in 2018 to 70% in 2019. In addition, about 7 in 10 law firms (68%) have invested in formal cybersecurity training for their employees, up 14 points from last year (54%).
Client audits demand improved cybersecurity best practices.
Over half (51%) of the firms surveyed are being audited at least once by a client. While this is nothing new, we’ve seen an increase in the amount of effort required in the response – a yes or no answer will no longer suffice. Today, clients are asking for more details, including whether a firm has policies regarding how data is processed and handled, what the retention policies are, and whether employees are trained on secure data practices.
To battle increasingly complex cyber-risks, law firms need the right personnel to lead their multi-dimensional cybersecurity practices.
Only about half (49%) of law firms have an information security officer who is responsible for their cybersecurity practices. Many still rely on IT managers or non-IT executives who may not have the specialized knowledge and expertise to design and implement proper cybersecurity policies and standards.
The information in this study is a compilation of critical data points determined by LOGICFORCE and gathered through client surveys, the firm’s proprietary SYNTHESIS E-IT SECURE® assessments, and market research. LOGICFORCE commissioned a survey to determine the cybersecurity policies, practices, and tools that are currently being implemented at law firms and assessed more than 200 IT decision makers across small and medium-sized law firms (20-200 attorneys) located throughout the United States.
LOGICFORCE is a technology consulting firm that improves the profitability and operations of law firms through the strategic application of technology. The firm’s specialties include IT optimization, eDiscovery, document review, cybersecurity and digital forensics. Since 1995, LOGICFORCE has worked with hundreds of law firms across the country to ensure improved security and productivity within their legal business. To learn more about LOGICFORCE, visit www.logicforce.com.