Photo by Alexander Zemlianichenko Jr. (Bloomberg)
Photo by Alexander Zemlianichenko Jr. (Bloomberg)

ABA Survey: Data Breaches Rising at Large Firms

  • Law Firms Can Now Share Cyber Threats. But Will They?
  • Survey: GCs’ Ability to Mitigate Cybersecurity Risks Remains Top Concern
  • Cybercrime at Firms Triggers Ethical Duties
  • The number of security breaches continues to increase at the nation’s largest law firms, according to the American Bar Association’s 2015 Legal Technology Survey released this week.

    The survey found that firms with more than 100 lawyers experienced the most significant jump in reported breaches, which were defined as everything from a lost or stolen smartphone to a break-in or website exploitation. The chart below shows a more detailed breakdown:

    Courtesy: ABA Legal Tech Survey.

    Courtesy: ABA Legal Tech Survey.

    Roughly 880 lawyers participated between January and May in the survey’s Technology Basics and Security section, from which the above information was drawn.

    In a follow up question, 71.4 percent of participants from a firm with 500 or more lawyers, and 66.7 percent from a firm with 100 or more lawyers said there was no significant business disruption or less. Five percent of the firms reported that the breach required their firm to notify clients, and three percent reported that a breach resulted in unauthorized access to client data.

    The report runs to more than 700 pages and contains various data points about technology and security: More than 75 percent of law firms with 100 or more attorneys have a chief information security officer or a staff person with responsibility for data security.

    One of more interesting data points was how few attorneys concern themselves with cyber security. For instance, more than 80 percent of the survey respondents who hailed from a firm with more than 100 attorneys said they didn’t know if their firm had cyber liability insurance. Overall, among all respondents, only 11.4 percent said their firm had cyber liability insurance.

    Asked whether a client ever requested a security audit or asked their firm to verify security practices, roughly 52 percent of respondents from firms with 100 or more attorneys said they didn’t know.

    More generally, an even larger number of respondents didn’t know if their firm has ever had a full security assessment conducted by an independent third party — at firms with 100 to 499 attorneys, 57.6 percent didn’t know, and at firms with more than 500 attorneys, 77 percent didn’t know.