On Dec. 12, 2016, the American Bar Association’s Journal ran a story by Debra Cassens Weiss titled “Unsealed suit targets law firm for alleged lax cybersecurity.” It reported on the recently unsealed complaint against a Chicago law firm alleging that they put client information at risk because of poor cybersecurity practices. This news does not come as a surprise to any cybersecurity professional.
On the contrary, we have seen this time and again, and across the range of responsibilities. Owners, and law partners, although “sensitized” to cybersecurity issues, frequently abdicate their due care responsibilities when it comes to cybersecurity, preferring instead to depend on their technology departments to “make the problem go away.” This is a clear violation of due care, and a wide-open door to lawsuits.
