Breach Reports on Rise in US
The data breach of all time, it seems that, in today’s age of technology, no one is safe.
According to the last legal technology survey (LTS), 26% of questioned law firms admitted that they experienced some sort of data breach.
The number of law firms that did not participate in the survey or did not disclose their breach number is unknown.
However, it is estimated that the increase in cyber attacks against law firms in the US skyrocketed from 2015 to 2016 by unbelievable 60%.
The estimate for 2017 is even greater with 2018 reaching cyber breach the newest heights.
Who is in danger?
As we all know, everyone is! But, according to the last LTS, the law firms that reported the most security breaches were in the group of larger US-based law firms, employing over 500 attorneys.
This does not come as a surprise as larger companies mean more people, more data, more technology and more risk contact points.
On the other hand, the report also pointed out that small law firms, employing up to 5 attorneys, are also at risk, as they often don’t invest enough money in security measures.
According to LTS, 14% of law firms questioned reported a loss of important files.
This resulted in a severe shock when it came to their budgets.
Over a third of law firms reported a loss of billable hours, almost 30% paid hefty fees for correction, and a quarter needed to replace their hardware/software units which again was unexpected and unplanned. The law firms questioned only reported the immediate financial losses that cyber attacks caused.
The financial loss from the lawsuits and class actions taken against the law firms that suffered cyber attacks were not reported and are still unknown.
Why Law Firms?
The simple answer is: due to the sensitive data.
As an organization that handles sensitive information, including financial data, tax information, intellectual property and the like, a law firm is a warehouse of valuable goods to cyber criminals, who are ready to exploit the information found for their financial gain, as we have seen in a recent attack of Chinese hackers who managed to earn over $4 million thanks to the information about acquisitions and mergers they got from hacking different US law firms.
Though certain regulations, HIPAA included, do protect some of the information, they are simply not enough. What is needed is an obligatory security standard agreement, which will provide the much needed security measures.
According to the last ABA report, many law firms do not include key security measures, such as security policies, antivirus for laptops/ desks and encrypted mail.
Over Newkirk 700000 users were affected by the breach and about 250000 HSBS clients experienced similar problems.