Cloud Security, Compliance Management, Privacy

Report: Half of law firms do not have a data protection committee

As corporations struggle to prepare against massive breaches like those that have rattled the industry over the past year, two reports by a legal competitive intelligence group shed light on how perspectives are shifting among legal professionals.

The two reports, published by ALM Legal Intelligence, the competitive intelligence unit of ALM Media, explore reactions to cyber threats as voiced by law firms and corporate clients. The results demonstrated some of the conflicting cyber priorities for corporate entities and their legal teams.

As the legal sector weighs the logistical challenge of preventing hacks and data breaches, charting a strategic plan is a challenge for law firms.

One of the reports, "Cybersecurity and Law Firms," surveyed 69 professionals at law firms, serving as CIO (28 percent), COO (14 percent), IT director (14 percent), information security director (9 percent), CFO (7 percent) and executive director (7 percent) positions. The report found only half of the law firm professionals surveyed said their firm has a data protection team or committee in place.

The report also noted that 73 percent of the professionals surveyed said their firm has a data breach plan in place, while 22 percent of the respondents said their firm is in the process of creating a plan.

Steven Kovalan, senior analyst at ALM Legal Intelligence and lead author of the law firm report, told SCMagazine.com the subject of data sharing with government agencies has been a hot topic among legal professionals. “While companies may welcome a certain level of immunity in sharing data, they still recognize a reputational risk,” he said.

He noted that general counsel professionals regularly use email encryption for sensitive emails sent internally, but he said, “We've heard from general counsel that this is not necessarily something that has been widely adapted among outside counsel.”

The other report, ‘Cybersecurity and Corporate Counsel', surveyed 50 individuals who work primarily in corporate counsel-related roles. The participants work in the technology (29 percent), industrial (19 percent) and financial services (17 percent) sectors.

While 95 percent of the survey's respondents believe cyber attacks are increasing in frequency, this awareness has not yet created a strong impetus to change corporate practices. Most of the participants “reported feeling uncomfortable with their company's ability to withstand a cyber breach,” the corporate counsel report stated.

Corporate counsel professionals reported that third-party vendors are increasingly vetted according to their information security protocols. In speaking with SCMagazine.com, Daniella Isaacson, senior analyst at ALM Legal Intelligence and lead author of the corporate counsel report, said corporate counsel professionals are willing to walk away from vendors who don't account properly for their practices.

“Vendors that do not comply with ABC's cybersecurity and information security policies are not given access to any sensitive data and may be banned from working with the company entirely,” Evan Farber, chief legal officer at The Advisory Board Company, said in the report.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

You can skip this ad in 5 seconds