Ride the Lightning

Cybersecurity Stats are in for the ABA’s 2020 Legal Technology Survey Report

October 26, 2020

Though the entire ABA 2020 Legal Technology Survey Report is out, first up online were the stats related to Technology Basics and Security. Respondents were asked a total of 262 questions, with 21 questions focused on security. The attorneys who responded were in private practice and here is the breakdown of participants: solos (26%); firms of 2-9 attorneys (30%); firms of 10-49 attorneys (17%); firms of 50-99 attorneys (5%); firms of 100-499 attorneys (10%), and firms of 500+ attorneys (12%).

The answers came in between March and May 2020 so they do reflect the initial impacts of COVID-19, particularly the work-from-home movement.

43% of respondents use file encryption, 39% use email encryption, 26% use whole/full disk encryption. Other security tools used by less than 50% of respondents – have two-factor authentication (39%), intrusion prevention (29%), intrusion detection (29%), remote device management and wiping (28%), device recovery (27%), web filtering (26%), employee monitoring (23%), and biometric login (12%). By in large, this indicates that lawyers are not taking cybersecurity as seriously as they should be.

How are firms doing with cyber insurance? Firms ranging in size from 10-49 attorneys are most likely to have cyber liability insurance (40%), followed by firms of 100+ attorneys (38%). One notable trend is the increase in the number of smaller firms with such coverage, with firms of 2-9 attorneys (36%) and solo attorneys (33%) up respectively from 27% and 19% since 2017. I am happy to see those numbers but they also reflect that we still have a long way to go. And sometimes, insurance companies deny coverage. There are a lot of exclusions and there have been more than a few court battles. Cyber insurance is great and certainly helps fill the risk gap, but it won't protect you from having to deal with a data breach and you have to be darn sure to understand the coverage you have.

I was not surprised that the new survey shows that 29% of respondents have suffered a data breach (compared to 26% in 2019). I have always thought it likely that this stat is low – in many firms, especially large firms, attorneys may never learn of a breach unless it becomes public.

This is borne out by 21% of respondents reporting that they do not know whether their firm has ever experienced a security breach, with big firms representing the highest percentage of that number at 62% for firms with more than 100 lawyers.

34% of respondents have an incident response plan (IRP), compared to 31% in 2019. Progress there seems very slow to me. Unsurprisingly, 77% of respondents from firms of 100+ attorneys said that their firms had an IRP.

Suggestion for the laggards: Read ABA Formal Opinion 483 – and then start drafting.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson