Q: What could put your firm at severe peril of failure that has nothing to do with clients, markets, bank debt, partner flight, infighting at the top, or any of the other usual suspects?

A: A cybersecurity breach of your systems exposing confidential client info.

Yes, you’ve heard all about this before and yes, it’s recently been in the news (US Charges Three Chinese Traders with Hacking Law Firms,—The Wall Street Journal, 29 December 2016), but it’s 2017 and cyber(in)security is no longer new, surprising, or frankly excusable.

Lest you harbor any doubt, Preet Bharara, keeping his usual low profile, pointed to the firms—though not identified publicly, by every account they were Cravath and Wachtell—in announcing the break in the case:

Manhattan U.S. Attorney Preet Bharara said the case should serve as a reminder to law firms that “you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”

Legal-industry experts say law firms often lag behind their corporate clients in data-security measures, even though they are entrusted with valuable trade secrets, market-moving deal news and other sensitive information that is attractive to hackers.

Now, how long will it be before Mr. Bharara moves from warning law firms to prosecuting them? How much money would you bet on his indefinite forebearance?

Yet, on the whole, the consensus of informed observers is that Law Land is a few years behind corporate land in taking cybersecurity seriously. This demands that one ask, “Why would that be?” and I have an unflattering and a more-unflattering hypothesis.

The unflattering one is that law firms have only found themselves in the cross-hairs recently, or perhaps it would be more accurate to say they’ve only known they were in the cross-hairs recently. Serious cybersecurity also costs real money:

“Law firms aren’t necessarily committed to things that don’t make them money per se,” said Neil Watkins, the senior vice president of security, risk, compliance and privacy at legal-services company Epiq Systems.

You might think Mr. Watkins is being harsh, or speaking out of pure self-interest (Epiq offers data-breach response services). But the fact remains, per the ABA’s annual Legal Technology Survey for 2016, that only one law firm in three has a staff member specifically charged with data security, much less a full-bore CISO.

Related Articles

Email Delivery

Get Our Latest Articles Delivered to your inbox +

Sign-up for email

Be the first to learn of Adam Smith, Esq. invitation-only events, surveys, and reports.

Get Our Latest Articles Delivered to Your Inbox

Like having coffee with Adam Smith, Esq. in the morning (coffee not included).

Oops, we need this information
Oops, we need this information
Oops, we need this information

Thanks and a hearty virtual handshake from the team at Adam Smith, Esq.; we’re glad you opted to hear from us.

What you can expect from us:

  • an email whenever we publish a new article;
  • respect and affection for our loyal readers. This means we’ll exercise the strictest discretion with your contact info; we will never release it outside our firm under any circumstances, not for love and not for money. And we ourselves will email you about a new article and only about a new article.

Welcome onboard! If you like what you read, tell your friends, and if you don’t, tell us.

PS: You know where to find us so we invite you to make this a two-way conversation; if you have an idea or suggestion for something you’d like us to discuss, drop it in our inbox. No promises that we’ll write about it, but we will faithfully promise to read your thoughts carefully.