Trellis White paper Ad 770 Spot #6
share TWEET PIN IT share share 0
Survey Highlights

Cybersecurity Survey Results: What Keeps You Up Nights?

By Simon Chester

This past month, newspapers around the world have been filled with stories of the Panama Papers — a massive trove of confidential tax planning information that will probably topple more than one politician. For lawyers and law firms, the chilling fact is that these millions of documents emanated from the computer files of a global law firm — Mossack Fonseca. Their client records and all of their secret dealings are now being read by journalists around the world.

Was it done by some skilled cybersleuth, intent on exposing illegal or improper activity, or at least hypocrisy? Was it a disgruntled internal whistleblower, within the law firm? Either way, it points to the vulnerability of law firms, and to the seriousness of the stakes when confidential client information is leaked.

What’s in Your Cybersecurity Bag of Tricks?

A month ago, we asked the Attorney At Work community to let us know how confident you are about cybersecurity in your firm. Today, we unveil the results. (Download highlights here.)

Bottom line: Results from the Attorney at Work Cybersecurity Survey show clearly the vulnerability of law firms. None of us, however small or large, can afford to be complacent.

How Do You Sleep?

We started by asking what keeps you up at night. Topping the list was worry about sensitive client information and personally identifiable information being stolen. Credentials and identities being stolen pulled up third.

Top 6 Worries - Attorney at Work Cybersecurity Survey

Lawyers are notoriously sloppy about passwords, and one does not have to be a star pupil in a cyber-hacking graduating class to break through our security. Generally, law firm computers are much easier to attack than government or business computers.

Is your insurance adequate? When asked if their firm had cyber-insurance covering data breaches, only 22 percent said yes, while 47 percent said their insurance didn’t cover cyber issues. 

A recent UK government survey suggested that everyone overestimates their insurance. In that survey, 52 percent of CEOs were confident they had cyber coverage, but according to the insurance industry, take-up was less than 2 percent — rose-colored glasses in the executive suite?

Figure 2 - Cybersecurity Survey

Do you encrypt flash drives? Given the huge capacity of flash USB drives and other mobile devices, we were surprised that only 27 percent of those surveyed routinely encrypt them.

Do you know how to encrypt email? We were surprised that 56 percent of those surveyed said they knew how to encrypt an email. In a similar Australian survey, most firms provided encryption services for lawyers, but very few actually knew how to use them.

Can you stop insiders? Most respondents — 58 percent — were confident they have adequate systems to deal with insider threats. We were surprised at this level of confidence, given the stories in legal publications about staff members taking advantage of weak firm security. Perhaps our readers know something that the Am Law100 firms don’t?

Figure 1 - Cybersecurity Survey

Are you confident? Twenty percent responded that they were “very” confident about their firm’s ability to manage cybersecurity. When you add in those who were “somewhat” confident you end up with a colossal 91 percent who said they were okay. Almost as many were confident that management appreciated cybersecurity risks and the firm’s vulnerabilities.

Are clients bugging you about security? While a significant number (39 percent) said that clients were asking about cybersecurity, that left a majority reporting no client pressure on the issue.

So if data breaches happen, what are you going to do about them? Only one in three of those surveyed — 34 percent — had a crisis management plan in place to deal with data security breaches. Another quarter reported planning to do so in 2016.

Figure 3 - Cybersecurity Survey

The Panama Papers may encourage a few more firms to actually put this on their priority action list.

You can download the one-page highlights report here.

Categories: Daily Dispatch, Legal Cybersecurity, Legal Technology
Originally published April 27, 2016
Last updated October 1, 2018
share TWEET PIN IT share share
Simon Chester Simon Chester

Simon Chester is Counsel, Conflicts and Regulatory Matters, Gowling WLG (Canada) LLP. His career includes law teaching, government service and 30 years of big firm private practice. With roots in three continents, he is a global lawyer, qualified in both Europe and North America. A Fellow and past president of the College of Law Practice Management, Simon has spoken on professional and technology issues to hundreds of groups in 10 countries. He is also a co-founder of the blog

More Posts By This Author
MUST READ Articles for Law Firms Click to expand

Welcome to Attorney at Work!

Sign up for our free newsletter.


All fields are required. By signing up, you are opting in to Attorney at Work's free practice tips newsletter and occasional emails with news and offers. By using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.