10 Takeaways from the ABA 2021 Cybersecurity Report

First, the bad news: 25 percent of law firms say they’ve experienced a data breach.

Now the good news: only seven percent say the breach resulted in unauthorized access to sensitive client data.

Those are two key findings from the ABA 2021 Legal Technology Survey.

“Law firms are an attractive target for cybercriminals,” according to this article in Attorney at Work. “With a plethora of data about so many people and businesses, law firms are a one-stop-shop for harvesting a wealth of information.” 

Are you aware of the resources and services available at Lawyers Mutual Consulting & Services? Founded by Camille Stell, who also serves as president, LMCS is a subsidiary of Lawyers Mutual. Its mission is to help firms build a modern law practice. It does that by offering expert advice and assistance into law firm trends and best practices. Camille and LMCS helps lawyers and firms create strategic plans and succession plans. A popular speaker and writer, Camille loves to guide lawyers through succession planning and into Life after Law. Contact her today.

10 Takeaways from the ABA 2021 Cybersecurity Report

1. 25 percent of respondents overall said their firms had had a security incident – such as a lost or stolen computer or smartphone, hack, break-in, or website exploit – at some point. This is down from 29 percent last year, 26 percent in 2019, 23 percent in 2018, and 22 percent in 2017.
2. Reported consequences of data breaches include: downtime/loss of billable hours (36 percent); consulting fees for repair (31 percent); destruction or loss of files (13 percent); replacement of hardware/software (18 percent).
3. 64 percent of firms reported no significant business disruption or loss from a breach.
4. 24 percent of firms said they had to notify a client or clients of the breach. (Note: ABA Formal Opinion 483 addresses the duty to notify clients under Model Rule 1.4).
5. 14 percent of firms that experienced a breach reported that they gave notice to law enforcement; this ranged from 13 percent for solos to 70 percent for firms with 500 or more lawyers.
6. 42 percent of firms said they had cyber liability insurance.
7. 53 percent said their firms have a policy to manage data; 60 percent have a policy on email use; 56 percent have one for internet use; 57 percent have one for computer acceptable use; 56 percent have one for remote access; 48 percent have one for social media; 32 percent have one for personal technology use/BYOD; and 44 percent have a policy for employee privacy. Seventeen percent said they had no formal policies at all, while eight percent said they didn’t know if they had any policies.
8. The most common cybersecurity tool is the spam filter, used by 81 percent of respondents. Other cyber-safety tools: software-based firewalls (75 percent); anti-spyware (75 percent)’ mandatory passwords (70 percent); antivirus for desktops/laptops as well as e-mail (70 percent) and networks (66 percent).
9. One-third of respondents used penetration testing or some similar intrusion detection and prevention system.
10. 70 percent of firms require mandatory passwords; 11 percent use biometric logins.

Sources: ABA Legal Technology Report 2021; Attorney at Work

Lawyers Mutual is on your side as you adjust to practicing law post-COVID. Our email newsletter “Practice Reimagined” offers timely tips, pointers and valuable links on wellness, work-life balance and quality of life – delivered straight to your in-box. Lawyers helping lawyers. It’s what we’ve been doing more than 40 years.