Breach Reports on Rise in US

The data breach of all time, it seems that, in today’s age of technology, no one is safe. 

Last year brought us millions of documents and data leaked, exposing the dirty laundry of many leaders, celebrities and companies out in the open for everyone to see and at the same time ruining financial security of many US- based law firms as class action upon class action kept mounting, holding the law firms responsible for the breach, or better to say, for failing to keep their client data unsealed.

Every year American Bar Association (ABA) conducts a survey, questioning law firms about different security breaches that they have experienced.

According to the last legal technology survey (LTS), 26% of questioned law firms admitted that they experienced some sort of data breach. 

The number of law firms that did not participate in the survey or did not disclose their breach number is unknown.

However, it is estimated that the increase in cyber attacks against law firms in the US skyrocketed from 2015 to 2016 by unbelievable 60%. 

The estimate for 2017 is even greater with 2018 reaching cyber breach the newest heights.

Who is in danger?

As we all know, everyone is! But, according to the last LTS, the law firms that reported the most security breaches were in the group of larger US-based law firms, employing over 500 attorneys.

This does not come as a surprise as larger companies mean more people, more data, more technology and more risk contact points.

On the other hand, the report also pointed out that small law firms, employing up to 5 attorneys, are also at risk, as they often don’t invest enough money in security measures. 

Consequences of Data Breach for Law Firms

As we have mentioned, the most serious consequence of a breach for a law firm is the loss of their information as well as unauthorized access to client data that is otherwise considered sensitive. 

According to LTS, 14% of law firms questioned reported a loss of important files.

This resulted in a severe shock when it came to their budgets. 

Over a third of law firms reported a loss of billable hours, almost 30% paid hefty fees for correction, and a quarter needed to replace their hardware/software units which again was unexpected and unplanned.  The law firms questioned only reported the immediate financial losses that cyber attacks caused.

The financial loss from the lawsuits and class actions taken against the law firms that suffered cyber attacks were not reported and are still unknown.

Why Law Firms?

The simple answer is:  due to the sensitive data. 

As an organization that handles sensitive information, including financial data, tax information, intellectual property and the like, a law firm is a warehouse of valuable goods to cyber criminals, who are ready to exploit the information found for their financial gain, as we have seen in a recent attack of Chinese hackers who managed to earn over $4 million thanks to the information about acquisitions and mergers they got from hacking different US law firms.

On the other hand, a number of cyber criminals, aka hacktivists, often attack law firms in order to expose what they see as corruption.

The second reason why law firms get attacked so often is their lack of security systems.

Though certain regulations, HIPAA included, do protect some of the information, they are simply not enough. What is needed is an obligatory security standard agreement, which will provide the much needed security measures.

According to the last ABA report, many law firms do not include key security measures, such as security policies, antivirus for laptops/ desks and encrypted mail.

That law firms are not the only corporations who need to improve their security measures prove the breaches that Newkirk, a service provide that issues healthcare ID cards, and HSBC, one of the biggest financial institutional organizations, reported last year.

Over Newkirk 700000 users were affected by the breach and about 250000 HSBS clients experienced similar problems.

After all this data, one thing is for certain: the future for law firms and other corporations is certainly going to be gloomy if the trend of constant cyber attacks and lack of proper security measures continues.