Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Examine cyber exposures of vendor law firms: Report

Reprints
Cyber Risks General liability More + Less -
Law firm cyber risks

Companies are not paying enough attention to the cyber vulnerabilities that stem from their legal vendors, warns a report.

More than 50% of legal department budgets are spent on outside law firms, yet their outside counsel management programs “often lack the risk management components that are typically part of the procurement function, with any cyber risk assessment of outside counsel and other legal vendors often conspicuously missing from the list of (outside counsel management) activities,” says the report, Legal Vendor Cyber Risk Management, An In-Depth Guide, issued Tuesday by New York-based Kroll LLC, a unit of Duff & Phelps LLC.

“This absence is notable not only because risk management is often a critical step of a traditional procurement process, but also because of the nature of data transferred to outside counsel,” says the report.

“In many organizations, this is a treasure trove of highly sensitive and privileged data, representing a relevant and curated list of a company’s litigation, mergers and acquisitions, intellectual property, lobbying activities, and more,” says the report.

With budgets shrinking, “law firms have not prioritized or allocated adequate resources to securing their client data,” says the report, which cites an American Bar Association report as stating 23% of respondents in 2018 reported their firms had experienced a data breach.

In addition to loss or theft of data, business interruption poses “an equally significant risk to organizations,” says the report, which offers advice on developing a legal vendor cyber risk management program.

More companies are insisting their vendors have cyber insurance, as the risks associated with these third-party firms rise, say experts. 

 

Read Next

  • Manufacturers vulnerable to cyber attacks amid tech integration

    A report found that Indian manufacturers suffered 27% of overall cyber attacks in the country in the first quarter driven by the integration of information technology and operational technology, Asian Age reported. The report by India-based cybersecurity firm Quick Heal Technologies Ltd. found that several internet-of-things devices such as sensors, barcode readers, quality control systems and inventory management solutions are unsecured and vulnerable to cyber attacks.

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.