“Incident Response Plans Come of Age” by Sensei’s Sharon Nelson and John Simek was featured in the December 2019 issue of the San Bernardino County Bar Bulletin.
Excerpt: WHY DO ONLY 25% OF LAW FIRMS HAVE INCIDENT RESPONSE PLANS?
One of the most striking findings of the ABA’s 2018 Legal Technology Survey Report was that only 25% of law firms had an Incident Response Plan (IRP). In a world struggling daily against cyber incidents and data breaches, that is a piteous statistic. We don’t know why so many law firm fail to create incident response plans, but it is time to come to grips with the necessity of having an Incident Response Plan. The last time we focused on this subject in an article was in 2015. It is definitely time to revisit the topic and issue a rallying cry for the adoption of IRPs.
Let us be clear at the outset that we are zeroing in on solo, small and mid-sized law firms. While large law firms will include all the elements we reference below in their IRPs, theirs will be far more complex and with many moving parts. As ever, we are trying to craft a solution that is reasonable and not financially overwhelming to meet the ethical rules which govern lawyers