Proactive Options for Law Firm Cyber Security

As clients put more pressure on firms to show they have a proactive information security plan, law firms are putting an emphasis on technology risk management and cyber liability insurance.  A conversation that lasted only a few minutes over the past two years has turned into numerous conversations over extended periods of time with general counsels, firm administrators, and CFO’s.  According to Brad Barker, Senior Vice President of Paragon Brokers, “this has been highlighted this past month with news that a group of law firms are forming a cyber security alliance to allow them to access and share information regarding threats and vulnerabilities.”  The cyber security strategy should include assessment of supply chain (Third Party Service Providers) and in-house risk management accompanied by a cyber liability insurance policy. 

A Client’s Point of Weakness

Supply chain risk management is one of the most significant reasons law firms are placing more emphasis on cyber security.  Michael Kassner of TechRepublic wrote on March 6th, “many if not all of last year’s successful data breaches began with attackers compromising a portion of the victim company’s supply chain.”  Because of this, many companies are spending more time discussing cyber security with their law firms.  They want to know who has access to their data, how you’re protecting it, and do you have insurance to cover the financial impact of a breach. 

Cyber Security Tech for Client Confidence

While this may seem like a daunting task, there are numerous technology solutions to help you manage your firm’s technology risk.  One software solution is Lockpath’s Keylight platform that helps law firms transform their practices from reactive to proactive with regard to information security compliance.  Wyatt Cobb, their Vice President of Channel Sales, said, “law firms have a duty to their clients to maintain confidentiality and to protect sensitive data.  Firms we have worked with have differing needs including documenting policies, maintaining ISO 27001 compliance, and tracking the record life cycle.”  Firms of all sizes can use proactive cyber security measures to attract new clients.

How to Hedge

No matter what you do to protect sensitive information, you can be breached.  As firms are becoming more aware of this risk, more are purchasing cyber liability insurance.  Brad Barker said, “the procuring of a cyber liability policy further underlines a law firm’s assertion that they not only understand but are taking all available precautions to protect themselves and their clients from an escalating risk to the sensitive information which has been entrusted to their care.”  As your firm addresses these issues, don’t be afraid to ask for help!  This is a rapidly evolving and expanding challenge for all firms. 


Guest blogger: Travis Holt is a partner at Brush Creek Partners, a full service insurance and risk management firm, where he runs the professional services practice.  His areas of expertise include legal malpractice, technology risk management and due diligence, technology errors and omissions, cyber liability, and executive liability.