Law firms this year will typically spend more than $6.9 million on information security, or 1.92 percent of their gross annual revenues, a recently released survey of big law firms said.
Client demands and obligations to protect data fueled investment decisions, cited by 59 percent of respondents in the Chase Cost Management (CCM) survey report released Aug. 27.
According to the report, more than 21 percent of law firms are strengthening in-house security skills. Approximately 12 percent of respondents cited the following security investment priorities: identifying gaps through internal and external security assessments; transferring risk with new or updated cyber-liability insurance policies; and training attorneys and staff on electronic communications risks and best practices for identifying phishing e-mails.
“Identifying cybersecurity priorities and knowing what makes a reasonable investment will help law firms gain the highest returns on their information security budgets,” CCM President Len Levy said in a statement announcing the survey report. “Otherwise, they risk spending too much and draining firm profits, or spending too little and jeopardizing the privacy and integrity of their information assets.”
Michael J. McGuire, chief information security officer at Littler Mendelson PC in Minneapolis, told Bloomberg BNA Sept. 1 that while his firm “does not release financial data in the press, I can tell you that we invest heavily in resources to ensure that we are constantly enhancing and improving the security of our data.”
The typical survey respondent was a chief information officer or information technology director at an Am Law 200 firm with 827 full-time attorneys and staff and more than $363 million in gross annual revenues.
Forty-two percent of law firms surveyed have annual gross revenues of between $101 million and $500 million, 26 percent have revenues exceeding $500 million and 32 percent have revenues exceeding $100 million, the report said.
A quarter of respondents said their firm’s 2015 operating budget for information security and compliance investments is $5 million. Fifty percent said the operating budget ranged between $500,000 and $4.9 million, and 25 percent said the operating budget ranged between $75,000 and $499,000.
The average amount spent is $8,440 per full-time equivalent employee, the survey report said.
Nearly three-quarters of law firms invested in some level of cyber-liability insurance, according to the report.
CCM, a subsidiary of LAC Group, which advises corporations and law firms, distributed a 10-question online survey to attendees at Thomson Reuter’s 5th Annual Law Firm CIO|CFO|COO Forum, held June 3 in New York.
The report, “What Price Peace,” is available for download after registration at http://ccmchase.com/cybersecurity-report-download/.