Thursday, November 14, 2013

AmLaw Survey: Firms Rank Data Security as Key Concern

"2013 Am Law Tech Survey: Data Security Fears Rise"
  • "To be sure, security has always been a top-of-mind issue for law firms. But as The American Lawyer's 18th annual survey of law technology reveals, the worries, and the stakes, have never been greater. Eighty-six percent of respondents—technology directors and CTOs from 87 Am Law 200 firms—say they are more concerned about security threats now than they were two years ago. An array of factors, the chiefs say, are driving the heightened focus: tougher regulatory requirements, more security-conscious clients, and the more sophisticated techniques used by cyber-criminals, who are increasingly targeting law firms."
  • "'Law firms are often targeted [since] they store information on clients' pending deals and litigation,' Austin Berglas, assistant special agent in charge of the cyber branch in the FBI's New York office, told The American Lawyer earlier this year. 'Organizations who do not protect their 'crown jewels,' or proprietary information, and segregate it from any external facing network, run the risk of having this important information stolen during a cyber attack.'"
  • "Indeed, firms have been busy ramping up their defensive posture—and according to the survey, plan to continue that focus in the coming year. At some firms, this has involved creating new positions focused exclusively on security. Blank Rome hired its first director of information security this year. Ballard Spahr now has an IT security expert on staff. 'It's not like we weren't concerned about security before, but we see the need for a more targeted focus,' says Lisa Mayo, Ballard Spahr's director of data management."
  • "'The short, glib answer is, clients are driving the heightened focus,' says one CIO who asked not to be identified. 'There is a lot of noise, especially out of the banking industry, about looking specifically at your law firms.' Tougher regulatory frameworks, not just in finance but in sectors like health care, are causing clients to ask more questions about the security their firms do, and don't, have in place. 'We're seeing a significant increase in client security questionnaires and on-site reviews,' says another CIO, who asked not to be identified. 'Many firms are [secured] pretty well, but clients may require certain things and firms may have to add systems.'"
  • "Increasingly, these conversations are happening before engagements are won. 'Now as part of the RFP process, you'll need to provide very detailed specifications on what you have in place,' says Mayo. 'It's becoming a factor in whether you will get the business.'"
According to the interactive survey results: Two of the top reported security concerns are:
  • "Insiders taking intellectual property out of the data network"
  • and "Not knowing if data has been compromised"
See Intapp for information on technology approaches to addressing these law firm information security management, and a white paper highlighting several published corporate outside counsel guidelines, including examples of these more stringent confidentiality standards / audit requirements.

No comments:

Post a Comment