Posted by Doug Hargrove, managing director for legal and education at Legal Futures Associate Advanced [1]
Hargrove: consequences for firms that fail to implement robust cyber security measures are stark
Many legal firms are failing to prioritise issues such as security and compliance when it comes to technology investment.
In fact, only 24% of British businesses put it at the top of their list, and only 53% have a security strategy, according to the recent Digital Business Report by Advanced [2]. Many firms are simply not investing in upgrading their existing systems, which represents a significant threat from the increase in cyber attacks. It is arguably also holding them back from innovating and providing a better service to clients.
We know that law firms are constantly looking to drive efficiencies and transform the way information and processes are managed, often to ensure fee-earners win back time to spend on providing trusted advice to their clients.
Technology investment plays a key role in this process. By making the right technology choices, firms are not only freed up to innovate, but also be better prepared and therefore mitigate the risks that come from cyber security.
This can’t be stressed enough. While digital innovation represents a huge opportunity for the legal sector, it also goes hand in hand with a need for greater emphasis on cyber security. The growing infiltration of, and dependency on, the internet, along with technology trends such as the Internet of Things and artificial intelligence, is changing how firms service clients, the way they operate together and therefore widening the area of opportunity for attack.
The consequences for firms that fail to implement robust cyber-security measures are stark – ranging from severe operational disruption to financial losses, redundancies or even bankruptcy. This is echoed by recent high-profile attacks, which show that organisations are not detecting attacks quickly enough, are slow to respond to them and do not understand the impact of an attack on their business once it is underway.
For example, the National Cyber Security Centre reported [3] that £11m of client money was stolen due to cyber-crime in 2017, with 60% of law firms reporting an information security incident in the same year. The legal sector needs to consider cyber-security within its digital strategies and technology investments. But security concerns should not deter firms from moving forward with modernising their IT.
When considering how to progress these plans, barriers that firms often face include a lack of internal resources, expertise or time to manage such projects. This is when an expert partner can help, supporting firms in achieving their IT goals securely.
Here’s what you should consider when looking for an IT partner:
Ability to understand your current IT: the age and heritage ingrained in law firms is reflected in most of their IT estates. Make sure that a provider has experience in complex legacy IT environments. Ask potential partners about other projects they have undertaken to establish that you can trust them to effectively understand your IT.
Experience in the legal sector: the legal sector has specific requirements from the regulations and challenges faced, along with the requirements they necessitate. Your ideal IT partner will have an appreciation of this and be able to demonstrate a track record with other IT projects for law firms. Ensuring a cultural fit between your organisation and your partner will prove invaluable throughout the project.
Industry-leading partnerships: just as your clients look to you for a trusted network of suppliers, your ideal IT partner will be working with industry-leaders that can ensure they are embracing the latest technology developments – critical given the pace of digital change. Check they have the right accreditations to support the software you rely on.
Pragmatic innovation: for IT projects to succeed, they need to be in line with associated cultural changes to the way people work. Your IT partner should offer a pragmatic strategy that shows they understand where your firm is and how best to get it to where you want to be.
Security included: finally, building cyber-security resilience needs to be a critical component of any IT project you undertake from the outset. Make sure your IT partner recognises this is a key priority, the risks relevant to your specific situation such as putting the protection of your client data at the heart of the project, consistently improving your security position.
The bottom line is that building cyber resilience and investing in technology is a necessity for law firms. However, we recognise this can be daunting. So make sure you follow our check list to guarantee your firm has the right partner in place to deliver the expertise, resources and time for the project, and help you fully appreciate the risks of cyber-crime and take the necessary steps to mitigate them.