Legal professionals need to talk about cyber threats
Cyber risk is a moving target. According to “ Cybersecurity Trends: IBM’s Predictions for 2023”: “Almost as fast as the cybersecurity industry releases new security tools, adversaries evolve their techniques to circumvent them. This year will be no different.”
The prevalence of hybrid work compounds the risk: humans remain the biggest threat to an organisation’s cybersecurity, particularly now as we routinely migrate between home and office working environments with devices that hold sensitive data.
Managing this challenge requires coordination well beyond an organisation’s IT department.
“In a law firm, the general counsel must feel confident in approaching their cyber team and finance team about prioritising and paying for the appropriate cybersecurity protections,” said Sharon Glynn, director, underwriting for Travelers Europe.
“Lawyers must be conversant in the cybersecurity threats faced by their organisations, their clients and suppliers.”
In a joint letter to the Law Society in July, the UK National Cyber Security Centre and the Information Commissioner’s Office reminded solicitors of their role in reducing ransomware, the biggest online threat to the UK. Law firms are not only appealing targets for cybercrime—they are also being held to account when cyber attacks succeed.
Brokers can make the connection
Brokers play an important role in helping lawyers protect themselves and their clients against these threats. They can give lawyers the tools they need to have informed conversations and build understanding about cyber risk—whether across departments within their firm or in their dealings with clients.
Cyber threats can be overwhelming. Brokers can prove their worth to their legal clients and become invaluable partners by providing ongoing education in plain terms. Helping lawyers stay abreast of evolving cyber threats empowers them to minimise the threat of a cyber attack and, if one should occur, to limit its damage. Brokers can start by helping their legal clients take stock of their existing cyber risks to identify potential vulnerabilities. This includes assessing how a firm stores and secures its sensitive data, how that data moves throughout the business, and who can access it.
What policies are in place to protect the business? How are employees currently trained about existing threats and instructed to identify and report suspicious activity? In the past few years alone, organisations have had to make significant adaptations as technology has changed how people work and how they manage sensitive data. Do their systems and policies reflect their current working environment?
