Law firms have a duty to protect their clients’ confidential information; it is an ethical and fiduciary responsibility. The costs associated with a law office’s cyber breach are more than the loss of customer confidence. This post explains what they are.
The news that many of the nation’s premier legal firms were hacked for confidential information, along with the Panama Papers scandal, helped make law firms understand the need to beef up their cyber security to protect their own confidential files as well as those related to their clients. While client confidentiality is important to all attorneys, cyber breaches can result in significant damage and costs to a law office.
The US Attorney for the Southern District of New York, Preet Bharara, had this to say recently about the attractiveness of law firms to cyber criminals following the Chinese attack at several law firms:
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking because you have information valuable to would-be criminals.”
The Costs of a Data Breach at a Law Firm
While most data breaches are preventable, some are not. Nevertheless, if a firm is breached, it will lose clients who view the breach as a failure of the firm’s fiduciary and ethical responsibilities. Finding new clients also becomes more difficult following a data breach.
Because of the nature of a law firm’s data, many firms never reported breaches. But now nearly every state has laws making it mandatory for businesses, including law firms, to notify all clients that a potential data breach might have happened and that they ought to check their financial and credit information. This is an expensive task, because the time and money the firm spends on it are entirely non-billable.
Not following state law is not an option – for example, in Texas, a law firm can be fined as much as $250,000 by the state.
There is no 100% certainty that advanced technology will prevent a data breach. Entities with advanced security such as banks, major insurance companies, hospitals and the United States government have been victims of successful data breaches by cyber criminals. Since most law firms are partnerships, they viewed cyber security as a cost of doing business that affected profits. That is changing, with law firms now spending about 2% of revenue on cyber security – this is good, as efforts to limit or eliminate cyber security threats mitigate the firm’s damages.
Costs associated with defending a lawsuit by one client or a class action suit by many clients can be staggering. Also, an active lawsuit hurts public relations, which in turn can cost your firm more clients and sabotage client recruitment efforts.
Hiring suffers as well – top attorney job applicants can be put off if the firm’s future is in jeopardy because of a potentially large award.
One way to make sure that your firm’s cyber security is state-of-the-art is to engage a managed security service provider to handle your cyber security.