IBM Security recently released its 2023 Cost of a Data Breach Report. The report examined 553 organizations that experienced data breaches between March 2022 and March 2023 to help IT, risk management and security leaders understand the impact.
Why Should Lawyers Pay Attention to This Data Breach Report?
For one, the targets of a recent global cyber attack included three of the world’s leading big law firms.
In addition, according to the American Bar Association Legal Tech Survey Report 2022, 27% of law firms reported having experienced a security breach at some point.
In our increasingly connected society and in a profession that demands data security, lawyers simply cannot afford a data breach. Nevertheless, more than a quarter of companies report that they have been affected.
Below, we share some highlights from IBM’s 2023 Cost of a Data Breach report and take a closer look at how attorneys can avoid a data breach.
Highlights from IBM’s 2023 Cost of a Data Breach report
The 2023 Cost of a Data Breach Report examined 553 organizations affected by data breaches between March 2022 and March 2023.
The average cost of a data breach has increased
According to IBM, the global average cost of a data breach has risen to $4.45 million. This amount is the highest ever reported and represents a 15% increase over the past three years.
For professional services firms (including legal, accounting, and consulting firms), the cost of a data breach is even higher, with an average cost of $4.47 million.
Organizations don’t often discover data breaches themselves
Unfortunately, companies that experience a data breach are not often the ones who notice the breach.
According to IBM, only one in three data breaches was identified by the organization itself – 40% were discovered by a neutral third party (e.g. law enforcement), while 27% were reported to the organization by an attacker.
Artificial intelligence can help
The use of security artificial intelligence (AI) and automation can help organizations reduce data breach detection and response times, which shortens breach lifecycles and helps them save on costs.
Organizations that leveraged security AI and automation saw breach lifecycles that were 108 days shorter on average. They also saved nearly $1.8 million in data breach costs compared to companies that didn’t use these technologies.
Learn more about AI and security in our article: Exploring the intersection between AI, cybersecurity and privacy.
What does a data breach look like for lawyers?
A data breach is essentially any breach of security that results in unauthorized access to sensitive information.
Within a law firm, a data breach can occur in a number of ways, including:
- Lost or stolen hardware (for example, if an unencrypted work laptop is stolen from an employee’s car)
- Cyber attacks (e.g. malicious attacks by cyber criminals)
- Employee errors (e.g. when an employee inadvertently discloses confidential information)
While data breaches can be devastating in any industry, lawyers’ unique ethical commitments make data security particularly important for their organizations.
Why lawyers need to take data breaches (and data security) seriously
Lawyers have an ethical duty to protect their clients’ information and to disclose data breaches. As described in our Data Security Guide for Law Firms 2023, attorneys should “use reasonable efforts to prevent the accidental or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client” under ABA Model Rule 1.6: Confidentiality of Information.
Depending on your location or area of activity, additional breach reporting requirements may apply, such as HIPAA (for lawyers who process personal health data), GDPR (for lawyers who process personal data of EU citizens) or the data protection compliance requirements of your public prosecutor.
But what about the consequences of a data breach?
Beyond the high financial cost of a data breach outlined in the 2023 report, data breaches can have other significant impacts on law firms. These can include a loss of confidence in your company and lawsuits for malpractice.
Learn how to protect your law firm with our on-demand webinar, Legal cyber security: How to protect your company from increasing threats.
Protect your law firm from a data breach
Avoiding data breaches doesn’t happen overnight. Law firms need to invest heavily in security and carefully review their software vendors.
Clio is proud to offer industry-leading security, including dedicated security experts available 24/7 to respond to data breaches and other security events. Clio adheres to industry best practices (like HTTPS and TLS) and complies with GDPR, HIPAA, and PCI laws. In addition, Clio’s data hosting facilities are audited annually for SOC2 and ISO27001 security certifications. Book a demo with Clio to learn more.
Ultimately, no law firm can guarantee that a data breach will not occur.
However, prevention is the best way to minimize your risk. By working with software providers like Clio who are not only committed to data security, but also understand the unique compliance requirements that law firms must follow, you can protect your firm and your clients from the unexpected.
And if you’re looking for more data security insights, be sure to check out our guide Cyber Security for Lawyers!
We published this blog post in August 2023.