Law Firm Cybersecurity Trends 2023
The legal industry is one of the biggest targets for hackers due to the sensitive data that law firms keep. Law firms are putting more focus on cybersecurity every year due to evolving cyber attacks and increased cybersecurity requirements from both clients and regulations. There are three big trends that will impact firms in 2023:
Client audits increase
Previously, client audits would only come from law firms largest clients. However, as IT supply chain attacks have multiplied, even SMBs clients are starting to require firms to attest to their cybersecurity stance. Any firm doing corporate work should have a robust cybersecurity baseline going into 2023, such as ironclad backups, strong incident response and disaster recovery policies, and regular validation of IT processes such as testing backups.
24x7 Managed security
Hackers don’t sleep, your security should not either. While there was never any question this was a good idea, over the last year it has become affordable and thus increasingly required. Many smaller firms currently have staff that may be on-call (both in-house and through outsourced IT), which means slow response times and sleeping through middle of the night calls. Outsourced providers offer security analysts sitting at a desk 24x7, meaning any successful attacks are caught quickly, reducing damage.
Vendor accountability
The legal industry has a poor track record of software security and compatibility. One prominent example is Office 365 tightening email security in 2022. This was announced two years in advance, yet many vendors continued to force poor security on their client firms, until the last second when the deadline forced them to improve. Clients and insurance continue to push firms to improve security, including the vendors they use.
There are two vendor groups primarily impacted by this. First is the software providers, who must start building security into their products day one, they cannot be at the tail end of mandated security anymore, or adding patchwork solutions. The other is outsourced IT providers, who the cyberinsurance industry has designated as one of the highest risk industries due to a poor track record of security. These providers form the backbone of IT and security for both small and midsize firms, and 2023 has started with them playing catchup to what good security looks like.
Struggling with cybersecurity, client audits or cyberinsurance? CGP is your go-to experts for all facets of small and mid-size firms. Talk to a partner today!