Cyber terrorism and data breaches emerge as top threats for law firms in new survey

Over 70% of large law firms perceive cyber terrorism and data breaches as the foremost threats to their business. That’s according to the results of a new survey – the 2018 Legal Business Continuity Survey – conducted by The Instant Group (the flexible workspace specialist) and legal consultants Sandpiper Partners.

The research details that the three foremost effects of such threats on a law firm are the impact on revenue loss (74% of respondents), inaccessible or lost data (71%) and reputational impact (63%). The majority of technology disruptions affect businesses for more than seven days. As a direct result, the impact of such disruption is the foremost priority for 78% of respondents.

The report analyses data provided by more than 50 law firms in the UK and the US to understand how prepared they are for significant business outages, with the research deliberately focused on where they perceive the risks to be coming from and levels of preparedness as part of business continuity plans.

More than half of the law firms questioned keep their data and document servers stored on site. This creates a serious vulnerability in the event of a disruption as all on-site data storage facilities can be compromised in the event of a successful and destructive cyber attack.

The good news is that 90% of those law firms surveyed do have a business continuity plan in place, while 77% of these companies also have a separate plan specifically for IT and technology-related incidents. The degree of ‘disconnect’ across those surveyed, however, manifests itself in the lack of consistency across the board in terms of who’s responsible for business continuity planning. Ultimately, this can lead to confusing and conflicted messages being delivered across a given organisation.

Enacting business continuity plans

Speaking about the survey results, Lynn Glasser (president of Sandpiper Partners) explained to Risk UK: “There are many events outside of their control that require companies to put in place business continuity plans. Last year alone, many law firms saw the need to enact those plans, or otherwise retroactively create one, as a direct result of malware and terrorism, not to mention hurricanes and other natural disasters. Some of the world’s biggest companies have been compromised as a result of cyber attacks. Subsequently, we’re now seeing more firms recognise the need to have strong business continuity plans in place.”

Following on from this, and as more law firms begin to adopt flexible working initiatives, the research finds that 70% of companies include remote working as part of their business continuity plan. However, The Instant Group and Sandpiper Partners believe this is a major over-reliance, as remote working solutions focus heavily on mobile communications, leaving firms exposed to network outages and unsecured networks, at the same time inhibiting staff from congregating to make key decisions at critical junctures.

The survey findings highlight the fact that many law firms have woken up to the benefits adopting flexible office space can offer. 56% of respondents already leverage these spaces within their business continuity plans and are ready to transition away from remote working and into flexible offices when the need arises.

Mobile networks and cloud computing

John Duckworth

John Duckworth

John Duckworth, UK and EMEA managing director at The Instant Group, added: “Remote working or working from home or a coffee shop, which is often the default position, can place firms at further risk as mobile networks and cloud computing may not be on a secure footing. Rather than their employees working remotely, firms should have arrangements in place with flexible workspace providers.”

The research highlights that firms leveraging the flexible office market are able to expand and contract their space accordingly and, as a result, suffer far less during downtimes. In doing so, they’re mitigating the loss of productivity compared to those firms that don’t have flexible workspace plans in place and rely on remote working.

The Instant Group and Sandpiper Partners also surveyed five major operators of flexible workspace to assess how market demand for business continuity plan-based workspace has changed and whether businesses are looking towards serviced offices and co-working centres as part of their back-up planning. Flexible workspace providers found that 80% of their clients didn’t have a business continuity plan in place. Of those that did, 60% of the solutions involved were activated for between three and six months at a time.

*Read the 2018 Legal Business Continuity Survey

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts