97% of cybersecurity leaders are evaluating vendor security, including law firms, says new survey

  • Print.


Ninety-seven percent of corporate cybersecurity leaders say they formally evaluate the security practices of vendors, like law firms, according to a new survey.

Released Feb. 8, the report, titled “The Shifting Cybersecurity Landscape: How CISOs and Security Leaders Are Managing Evolving Global Risks to Safeguard Data,” explores the role of chief information security officers, the adoption of cloud technology and how businesses are auditing their vendors.

While the report did not focus on the legal industry, formal evaluation of legal vendors was touched on. Seventeen percent of respondents said these evaluations were driven by regulatory requirements. Even with this level of scrutiny, only 53 percent said they were confident in the security of their data being managed by third parties, like law firms.

Digital Dangers logo.

Cybersecurity and the law

A joint production of the ABA Journal and the ABA Cybersecurity Legal Task Force

Fifty-seven percent of respondents said they were periodically involved in litigation or investigations. And the level of concern regarding sharing data with these companies “depends on the case and litigation, as well as what disclosure of information is required,” said an unnamed technology CISO in the report.

Looking at cloud storage, the report found that 87 percent of respondents were using third-party cloud providers to “host non-critical information” to save money and streamline business processes. Nearly one-fifth said that moving to the cloud was spurred by using Microsoft Office 365.

The 30-person survey, conducted last August by Ari Kaplan Advisors and Ankura, a consultancy, included chief information security officers, chief technology officers and director-level positions related to information security from primarily the U.S. Sixty-seven percent of respondents were from highly regulated financial- and healthcare-related industries, which skewed results towards stronger levels of awareness of these issues, according to the report.

Give us feedback, share a story tip or update, or report an error.