A survey of more than 150 Canadian lawyers shows that more than one-third anticipate increasing their spending on cybersecurity in the coming year.
The same survey also shows lawyers interviewed plan to expand their budgets by 25 per cent to purchase cybersecurity tools.
“I think that law firms are growing their practice and organizations are bringing in subject matter experts to consult on how they can prevent cybersecurity attacks. Then, also, either the subject matter experts internally or their outside counsel can help assist them if they are unfortunately a victim of a cybersecurity attack,” says Marisa Ellis, a regional vice president with Robert Half Legal, based in Chicago.
“I think, in particular, the legal industry and law firms are susceptible to this because they hold so much information, not only within the law firm but access to client information and files, which puts their clients at risk.”
The survey by Robert Half Legal was done through phone interviews with more than 150 lawyers throughout the country.
About six per cent of lawyers who were asked if they planned to increase spending said they planned to do so significantly. Another 29 per cent said they would increase spending somewhat, while another 53 per cent said they would neither increase nor decrease spending. Another one per cent said they would somewhat decrease their spending, while no respondents said they would decrease spending significantly.
Christine Ing, partner at Blake Cassels & Graydon LLP and co-practice group leader of the firm’s information technology group, says she is not surprised by the survey’s findings.
“It basically reflects spending increases in every industry . . . data is the new oil, as everyone says. It’s a valuable asset,” she says.
Ing says there have been increases in people’s awareness of what good security practice requires.
“I think just generally the level of awareness of understanding of these new security requirements is causing anyone who has a lot of data to make sure that they are doing the best that they can do to protect that asset,” she says.
Ing says it’s important to recognize that “you can’t just buy cybersecurity protection.”
It requires educating people, as well, she notes.
“It’s an enterprise-wide thing. It involves not just technology but people and processes,” she says. “These very expensive security devices might help, but in the absence of a good overall cybersecurity ‘way of life’ at the organization, it’s not going to be a silver bullet.”
Ing says lawyers should ensure they look beyond their own four walls and look at the cloud computing they’re using as well.
“[W]e have a duty of confidentiality to our clients, and our reputations are largely ties to that duty of confidentiality,” she says.