Given the ever-growing prevalence of cyber incidents among law firms, clients are increasingly concerned with how their law firms handle the sensitive information provided for representation. According to a 2018 Verizon investigative report mentioned in a BBC News article, “almost 40 percent of all successful malware-based attacks involved ransomware.” Because third parties can be an attack vector, clients are asking their legal professionals for assurance that these threats in particular are being managed. Many law firms are seeing an increase in information security and data governance audits coming from clients. These requests pile up quickly too.

While it may sometimes appear that a client has put little to no effort or forethought into sending a request for a cybersecurity audit or review, this may not always be the case. Clients in regulated and/or compliance-driven industries are often under pressure to demonstrate that their vendors adhere to specific standards, controls, and capabilities. Moreover, with more stringent cross-border regulations going into place, such as GDPR, clients with multinational presences are required to have assurances from their partners and vendors. This effectively means a firm must support these requirements if it wishes to retain these clients.