As the world shifts to digital, cybercrimes will become a feature of the digital age. From targeting websites, to physical infrastructure, the incidences of significant cyberattacks has increased in recent years. Law firms have long embraced the use of software and in recent years, they have followed the shift to digital, with the American Bar Association finding that 60% of law firms have their data stored on the cloud. Law firms have increasingly become the focus of cybercrimes, and they will need to find solutions to improve their ability to protect themselves.
Although cybersecurity issues are part and parcel of modern life, the typical law firm does not have the expertise nor human resources to deal with cybersecurity matters. Typically, the most prepared companies tend to be insurance law firms, and corporate law firms, particularly those that deal with mergers and acquisitions. This is because these fields are more obviously in need of cybersecurity, and these are fields where clients will more instinctively demand that their lawyers have adequate cybersecurity protections. For instance, a firm negotiating a merger does not want to discover the details have been leaked because its lawyers have poor cybersecurity measures. However, even there, law firms are behind the curve. There are simply not enough lawyers who are skilled in technology and comfortable with cybersecurity matters. Training the requisite number of lawyers will take time.
Considering that there has been a 65% increase in the number of cyberattacks since the start of the pandemic, as companies have been forced to accelerate their shift to digital, it is a salient point that law firms and businesses as a whole, have not been able to accelerate their cybersecurity capacity by a similar degree. Indeed, it is likely that the rate of cybercrimes is even higher: only companies required to report cyberattacks are counted. Law firms do not have to report how many cyber attacks they suffer.
Ransomware is the most significant cybercrime, responsible for 55% of all cyber crimes, with 25% of ransoms being over $1 million. Ransomware attacks on law firms grew by 288% in 2021. The release of the Panama Papers shows the kind of riches that can lie within a law firm’s data. Many law firms hold sensitive client data and are vulnerable to ransomware attacks. And many firms simply do not report these incidents to the authorities. The American Bar Association estimates that 25% of law firms had a cyber breach at some point in 2021 and around 15% of law firms show signs of having compromised cybersecurity.
Few law firms are as prepared for the challenges of cybersecurity as the California Law Firm. Since DLA Piper suffered the industry’s first reported ransomware attack, law firms have struggled to keep up with cyberthreats. Law firms have a lot of work to do: just 43% use any kind of file encryption, under 40% use email encryption, or two-factor authentication and intrusion prevention, while less than 30% use any disk encryption or intrusion detection. The industry is struggling under the wave of cyberattacks hitting law firms.