[infographic] threat landscape: law firms
TRANSCRIPT
Threat Landscape: Law Firms
Balancing security with usability
User acceptanceand behavior
User education and awareness
Culture of firm
Law Firms Get A Powerful Wake-Up Call About Cyber Threats
Law firms are prime targets for cyber
attackers. One out of four law firms
with more than 100 attorneys have
su�ered a cyber breach.1 Their rich
data stores make them extremely
attractive to cyber criminals.
• Clients’ personally identifiable information (PII) • Payment card information (PCI)• Confidential details of lawsuits and merger and acquisition deals• Intellectual property
Other
A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.”
– “Law Firms are Pressed on Security for Data,” New York Times, March 26, 2014.
– ABA Model Rule of Professional Conduct 1.6
A lawyer shall make reasonable e�orts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
“
“
22%
22%
24%
1%
31%
• 63% of law firms spend less than 0.5% of gross revenues for data breach detection and prevention
• 85% of law firms spend less than 0.5% of gross revenues on response and remediation e�orts
30% of law firms reported that breaches resulted in a loss of billable hours.2
Better security for law firms:the challenges6
but
Biggest worries facing law firms
Steps to Stronger Cyber Security for Law Firms
1. American Bar Association. “Legal Technology Report.” 2015.
2. American Bar Association. “Legal Technology Report.” 2015.
3. Marsh USA. “Law Firm Cyber Survey.” 2014.
4. American Bar Association. “Legal Technology Report.” 2015.
5. ALM Legal Intelligence. “American Law Tech Survey.” 2015
6. International Legal Technology Association. “2015 Tech Survey.”
December 2015.
1. Decide on a chain of command. Include list of persons authorized to perform specific tasks, such as restore compromised systems or communicate with the press
2. Create a formal written security policy. Include policies and procedures, as well as administrative, physical and technical safeguards for information assets
3. Train everyone in the firm. Educate everyone, from executives to clerks, on proper security etiquette
4. Invest in security solutions. Identify and get the right tools for your needs: deterring cyber attackers, detecting when they manage to infiltrate your environment or containing and eradicating threats
5. Acquire current threat intelligence. Reduce the time between detection and remediation with strong contextual intelligence alongside your alerts
6. Consider an incident response retainer service. Don’t waste precious time in the event of a breach
7. Evaluate cyber insurance coverage. Transfer some of your financial risk to
a third party
• 77% of law firms’ CIOs believe cyber threats are more serious than they were two years ago4
• 79% of law firms ranked cyber security as a top 10 risk
• 72% of law firms have not assessed how much a breach would cost them
• 62% of law firms have not calculated lost revenue from a breach
• Fewer than 50% of law firms are insured against cyber breaches
Many law firms don’t take the threat seriously3
Few firms invest in cyber protection5?
Costs of a cyber breachadd up:
FOR MORE INFORMATIONVISIT: WWW.FIREEYE.COM
© 2016 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. INFO.OTA.EN.US.052516
Damaged reputation
Lost customersBusiness disruption
InvestigationRemediation
Customer notificationsFines and penalties
Litigation$
Other
Outsiders tryingto break intonetwork
Not knowing if data has been compromised
Not knowing if the firm is under attack
9%
25%
23%
16%
16%
11%