Legal industry ranks high in cybersecurity, report says
The legal industry’s cybersecurity performance is in line with the top-performing finance industry, according to BitSight, a cybersecurity rating company.
“There’s this impression that the [legal] sector is behind everyone else,” says Jacob Olcott, a vice president at BitSight and an attorney. “From a quantitative, measurable standpoint, we don’t see that’s true.”
Much like calculating a credit score, BitSight used more than 20 categories to create a cybersecurity score for financial, government/political, legal and retail industries.
For this year’s score, BitSight analyzed 2,295 law firms of “all sizes and geographies,” explains Olcott. Currently, BitSight has only made data about the finance industry public through a recent report. While the ABA Journal received an internal report from BitSight, there are no plans at this time to release a similar analysis on the legal industry.
“That macro-trend here is that the legal sector is a very high performer in cybersecurity,” says Olcott. However, he points out that “this isn’t to say every law firm is top performing.”
The survey found that the legal industry was good at managing and preventing threats like botnet infections, spam, malware, ransomware and adware. The report notes that law firms are also keeping their computer operating systems up to date, which helps limit system vulnerabilities. The legal industry also avoids peer-to-peer file sharing and pirated software, which can create vulnerabilities in computer systems.
Olcott says the legal industry’s performance is due to several factors, including increased attention on the industry’s cybersecurity, internal concern about data privacy, and clients demanding heightened security for their sensitive information.
However, the legal industry still has room for improvement. The BitSight report found that law firms were the weakest when it came to applying SSL encryption to their websites. SSL encryption protects a website and its users from a man-in-the-middle attack, in which communications between a user and a server are intercepted and information is stolen.
The report points out that the legal industry has made improvements in its use of SSL, but it still lags behind the other industries BitSight studies.
This is the fifth year Boston-based BitSight has compiled this survey.