Threat Landscape: Law Firms

Balancing security with usability

User acceptanceand behavior

User education and awareness

Culture of firm

Law Firms Get A Powerful Wake-Up Call About Cyber Threats

Law firms are prime targets for cyber

attackers. One out of four law firms

with more than 100 attorneys have

su�ered a cyber breach.1 Their rich

data stores make them extremely

attractive to cyber criminals.

• Clients’ personally identifiable information (PII) • Payment card information (PCI)• Confidential details of lawsuits and merger and acquisition deals• Intellectual property

Other

A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.”

– “Law Firms are Pressed on Security for Data,” New York Times, March 26, 2014.

– ABA Model Rule of Professional Conduct 1.6

A lawyer shall make reasonable e�orts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

“

“

22%

22%

24%

1%

31%

• 63% of law firms spend less than 0.5% of gross revenues for data breach detection and prevention

• 85% of law firms spend less than 0.5% of gross revenues on response and remediation e�orts

30% of law firms reported that breaches resulted in a loss of billable hours.2

Better security for law firms:the challenges6

but

Biggest worries facing law firms

Steps to Stronger Cyber Security for Law Firms

1. American Bar Association. “Legal Technology Report.” 2015.

2. American Bar Association. “Legal Technology Report.” 2015.

3. Marsh USA. “Law Firm Cyber Survey.” 2014.

4. American Bar Association. “Legal Technology Report.” 2015.

5. ALM Legal Intelligence. “American Law Tech Survey.” 2015

6. International Legal Technology Association. “2015 Tech Survey.”

December 2015.

1. Decide on a chain of command. Include list of persons authorized to perform specific tasks, such as restore compromised systems or communicate with the press

2. Create a formal written security policy. Include policies and procedures, as well as administrative, physical and technical safeguards for information assets

3. Train everyone in the firm. Educate everyone, from executives to clerks, on proper security etiquette

4. Invest in security solutions. Identify and get the right tools for your needs: deterring cyber attackers, detecting when they manage to infiltrate your environment or containing and eradicating threats

5. Acquire current threat intelligence. Reduce the time between detection and remediation with strong contextual intelligence alongside your alerts

6. Consider an incident response retainer service. Don’t waste precious time in the event of a breach

7. Evaluate cyber insurance coverage. Transfer some of your financial risk to

a third party

• 77% of law firms’ CIOs believe cyber threats are more serious than they were two years ago4

• 79% of law firms ranked cyber security as a top 10 risk

• 72% of law firms have not assessed how much a breach would cost them

• 62% of law firms have not calculated lost revenue from a breach

• Fewer than 50% of law firms are insured against cyber breaches

Many law firms don’t take the threat seriously3

Few firms invest in cyber protection5?

Costs of a cyber breachadd up:

FOR MORE INFORMATIONVISIT: WWW.FIREEYE.COM

© 2016 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. INFO.OTA.EN.US.052516

Damaged reputation

Lost customersBusiness disruption

InvestigationRemediation

Customer notificationsFines and penalties

Litigation$

Other

Outsiders tryingto break intonetwork

Not knowing if data has been compromised

Not knowing if the firm is under attack

9%

25%

23%

16%

16%

11%