Login | March 18, 2019

Some law firm security stats from 2017

Technology for Lawyers

Published: February 23, 2018

The 2017 ABA Techreport is out, filled with innumerable stats and surveys. The report annually covers every imaginable aspect of legal technology and can be handy as a sort of guidepost to see where any given firm, from solo to mega, finds itself on a tech continuum.

The report is divided into training, planning and budgeting, security, litigation, mobile, cloud social media, solo and small firm, virtual office and practice management sections. They are also divided generally into firm size: 500-plus attorneys, then 100-499, 50-99, 10-49, 2-9 and solo.

Here are a few from the security section.

Breaches: A pretty substantial percentage of all firms reported security breaches. Around a third of mid-sized firms reported breaches, along with about a fifth of mid-sized and a quarter of small firms. “Larger firms have more people, more technology, and more data, so there is a greater exposure surface, but they also should have more resources to protect them.” At the same time, upwards of half of the respondents didn’t know the answer to that question.

But the good news is that only around one percent of those breaches involved unauthorized access to confidential client data. Nevertheless, they almost all caused lost time and money.

About 17 percent of those breaches were reported to law enforcement—BUT—only around half were reported to clients. Not a good look.

Almost half of the firms reported being victimized by malware/spyware/viruses. Somewhere around half of the firms don’t even have security policies. When will you all start listening?

For a long time (forever) I’ve tried to get anyone listening to employ third-party security firms to at least study your systems. Still, less than a third of firms have done so. The larger firms are more likely to employ third parties, but that is often only triggered by a client request.

And, still, only about a quarter of responding firms carry cyber insurance. In Ohio, OBLIC has cyber insurance, so go get some. Really.

I’ll throw some more stats from other parts of the report out over the next few weeks, but you can see the whole thing for yourself, if you want.

Here’s the link to the study: https://www.americanbar.org/groups/law_practice/publications/techreport/2017.html