IBM Security recently released its 2023 Cost of a Data Breach Report. This report studied 553 organizations that experienced data breaches between March 2022 and March 2023 to help IT, risk management, and security leaders understand the impact.
Why should lawyers pay attention to this report on data breaches?
For one, a recent global cyberattack targeted, among others, three of the top Biglaw firms in the world.
Furthermore, according to the American Bar Association’s 2022 Legal Technology Survey Report, 27% of law firms reported having experienced a security breach at some point.
In our increasingly interconnected society, and in a profession that demands data security, lawyers simply can’t afford a data breach. Yet, over one-quarter of firms report that they’ve experienced one.
Below, we’ll provide some highlights from IBM’s 2023 Cost of a Data Breach Report and delve into how lawyers can avoid a data breach.
Watch our webinar on Legal Cyber Security here for even more actionable tips on how to protect your firm.
Highlights from IBM’s 2023 Cost of a Data Breach Report
The 2023 Cost of a Data Breach Report studied 553 organizations impacted by data breaches between March 2022 and March 2023.
The average cost of a data breach has increased
According to IBM, the global average cost of a data breach has risen to $4.45 million. This amount is the highest ever reported and represents a 15% increase over the past three years.
For professional services organizations (including legal, accounting, and consulting firms), the cost of a data breach is even higher, with an average cost of $4.47 million.
Organizations aren’t often discovering data breaches themselves
Unfortunately, organizations that experience a data breach aren’t often the ones to discover the breach.
According to IBM, only one in three data breaches were identified by the organization itself—40% were discovered by a neutral third party (such as law enforcement), while 27% were disclosed to the organization by an attacker.
Artificial intelligence can help
Using security artificial intelligence (AI) and automation can help organizations improve detection and response times to data breaches—and consequently decrease breach cycles—and help organizations save on costs.
Organizations that used security AI and automation saw, on average, 108-day shorter breach lifecycles. They also saved nearly $1.8 million in data breach costs compared with organizations not using these technologies.
Learn more about AI and security in our piece, Exploring the Intersection of AI, Cybersecurity, and Privacy.
What does a data breach look like for lawyers?
A data breach is, essentially, any security breach that results in unauthorized access to confidential information.
Within a law firm, a data breach can arise in several ways, including:
- Lost or stolen hardware (e.g., where an unencrypted work laptop is stolen from an employee’s car)
- Cyberattacks (e.g., malicious attacks by cybercriminals)
- Employee error (e.g., where an employee unintentionally discloses confidential information)
While data breaches can be devastating in any industry, lawyers’ unique ethical obligations make data security especially critical for their organizations.
Why lawyers must take data breaches (and data security) seriously
Lawyers have an ethical duty to protect their clients’ information and to disclose data breaches. As outlined in our 2023 Law Firm Data Security Guide, lawyers should “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client” under ABA Model Rule 1.6: Confidentiality of Information.
Additional breach notification requirements may apply depending on your location or practice area, including HIPAA (for lawyers handling personal health information), GDPR (for lawyers handling personal information belonging to EU residents), or your state bar’s data privacy compliance requirements.
But what about the consequences of a data breach?
Beyond the high financial cost of a data breach outlined in the 2023 report, data breaches can have other significant impacts on law firms. This can include a loss of trust in your firm and malpractice lawsuits.
Learn how to protect your law firm in our on-demand webinar, Legal Cyber Security: How to Protect Your Firm Against Rising Threats.
Protecting your law firm from a data breach
Avoiding data breaches doesn’t happen overnight. Law firms must invest heavily in security, including vetting their software vendors carefully.
Clio is proud to provide industry-leading security, including dedicated security experts who are available 24x7x365 to respond to data breaches and other security events. Clio adheres to industry best practices (such as HTTPS and TLS) and complies with GDPR, HIPAA, and PCI legislation. Furthermore, Clio’s data hosting facilities are audited annually for SOC2 and ISO27001 security certifications. Book a demo with Clio to learn more.
At the end of the day, no law firm can guarantee that a data breach won’t happen.
However, prevention is the best method of minimizing your risk. By working with software providers like Clio that are not only committed to data security but understand the unique compliance requirements law firms must follow, you can protect your firm and clients from the unexpected.
And, if you’re looking for further data security insights, be sure to check out our guide to Cybersecurity for Lawyers!
We published this blog post in August 2023.