Only a quarter of law firms are GDPR ready. One in five has experienced an attempted cyber attack in the last month.
New research from CenturyLink EMEA, a network and managed IT services provider specialising in digital transformation, reveals a snapshot of the state of GDPR readiness and cybersecurity attack risks at UK law firms and the investment being made to respond effectively to attacks. The findings of the survey of 150-plus IT decision makers in the legal sector are detailed in a new paper – Law Firms and Cybersecurity: how can lawyers keep their client data confidential.
Amongst the findings:
Only a quarter (25%) of law firms surveyed are ready for the General Data Protection Regulation (GDPR). As the GDPR deadline fast approaches and the importance of data protection grows, the results highlight that the majority of firms need to prepare while they still have time to be fully compliant with the legislation coming into force on 25th May next year. Failure to do so could result in severe penalties, with a maximum fine for data breaches of up to 20 million Euros or 4 percent of annual global turnover.
Steve Harrison, Sales Director at CenturyLink EMEA, commented on the GDPR findings: “With the deadline for GDPR compliance looming ever closer, law firms still have a chance to be ready, but they need to take action now. At CenturyLink, we provide a GDPR readiness assessment for businesses that are unsure of where to begin. This enables organisations to analyse their business and data to determine where the gaps are, and what steps should be taken. In addition, implementing a security log monitoring and analysis service will enable organisations to quickly identify if and when they have experienced a breach, enabling them to better comply with the GDPR breach notification regulation.”
According to the study, one in five law firms has experienced an attempted cyber attack in the last month.
In addition, fewer than a third (31%) of IT directors believe their firm is compliant with all cybersecurity legislation. Respondents cited human mistakes (50%), dedicated cyber attacks such as Distributed Denial of Service (DDoS), ransomware or SQL injection (45%), and lost documentation and devices (36%) as the top challenges to more effective privacy and data security.
In a bid to combat such cybersecurity threats, more than half (55%) of firms said they have employed data security professionals and 60% now provide compulsory cybersecurity training for staff.
Law firms are also outsourcing their IT infrastructure to providers who can offer a secure environment. To support their digital transformation initiatives, 43% of respondents are moving the hosting of their applications to cloud providers and one in four (23%) are moving their servers to a colocation facility.
With regard to shadow IT, the research revealed that 43% of IT decision makers at law firms trust their IT teams ‘to do the right thing’ for their business, despite a third (33%) of firms not permitting bring your own device (BYOD) or bring your own apps (BYOA). Eleven percent have no shadow IT policies at all.
Steve Harrison commented on the cybersecurity findings: “Every time a law firm faces an attempted cybersecurity attack, their infrastructure, data and customers’ data, as well as their reputation, are at risk of being compromised. That risk grows as companies have to offer more online services and flexible remote working options for staff in order to be competitive in today’s digital world.
“It’s promising to see that growing numbers of law firms are taking steps towards greater security by moving away from legacy, on-premise IT systems to private or public managed cloud solutions. At CenturyLink, we provide cloud and security services to keep organisations’ operations running at peak performance. Managed services not only minimise the risk posed by external attacks but free up internal resources to focus on innovative IT and business initiatives.”