This week I tackle the issue of law firms and cyber-attacks with the publication of “Law Firms and Cybersecurity: A Comprehensive Guide For Law Firm Executive Committees,” together with an accompanying webcast entitled, “Law Firms Under Cyber-Siege — How Law Firms Can Manage Data Breach Risks and Thrive Amid Cybersecurity Solutions.” Here is an excerpt from the Guide, and please be sure to tune in to the webcast:
“As cyber-attacks continue to proliferate, more and more law firm executive committees will come to realize that cybersecurity risks now actually trump most (if not all) other business risks – and not just because technology and networks touch every aspect of a legal enterprise. For law firms in particular, this is the dawning of a new era of data breach and incident response, where trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year. The nature, extent and potential adverse impacts of these risks call for a proportionate response.
But cyber-attacks can be extraordinarily complicated and, once identified, demand a host of costly responses. These include digital forensic preservation and investigation, notification of a broad range of third parties and other constituencies, fulfillment of a confusing constellation of state and federal compliance obligations, potential litigation, engagement with law enforcement, the provision of credit monitoring, crisis management, a communications plan – and the list goes on. During the aftermath of a data breach, a law firm’s notification responsibilities alone involve a lengthy list of relevant constituencies, including clients, vendors, joint venturers, employees, affiliates, insurance carriers and a range of other interested parties.
And besides the more predictable workflow, a law firm is exposed to other even more intangible costs as well, including temporary or even permanent reputational and brand damage; loss of productivity; extended management drag; and a negative impact on employee morale and overall law firm performance.
So what is the role of a law firm executive committee amid all of this complex and bet-the-company workflow? For certain, simply receiving regular reports on a law firm’s cybersecurity risk management is no longer enough. Both a law firm’s clients and employees now expect law firm executive committees to make a substantial effort to understand and oversee cybersecurity, even though the typical law firm executive member has limited IT experience. But how? The answer lies in this cybersecurity guide, specially tailored for law firm senior executives.
Within this guide, law firm leaders will find a hefty catalogue of cybersecurity considerations that provide a bedrock of inquiry to help take their responsibilities seriously, specifying the requisite strategical framework to engage in an intelligent, thoughtful and appropriate approach to reducing a law firm’s cybersecurity risks.”