The number of risks for legal firms is ever increasing with the variety and unpredictability of cyber terrorism intent on taking down a company’s systems and the reasons for this are not always financially motivated, making them harder to predict. Preparation is critical to ensuring businesses can continue to operate in the event of an outage or period of downtime. After the events of the last year, clients are casting a more cautious eye over the potential outfall of business outages and ensuing disruption.
In a recent survey commissioned by The Instant Group, more than 50 law firms in the U.S. and U.K. set out how well equipped they thought they were for significant business outages. In the last twelve months alone, there have been 2 significant cases where law firms have been impacted by malware attacks or natural disasters, resulting in significant disruption and loss of business. These occurred mainly because BCP plans unraveled during a time of stress, and coordination of teams across multiple locations failed.
Where do firms perceive the next attack to be coming from?
The biggest perceived threat is from data breaches and cyber-attacks, with over 71% of respondents placing this as their greatest risk. The majority of outages affect businesses for more than 7 days and technology disruption is a major concern. Being unable to access data and client information can be inconvenient at best, and in some cases catastrophic. The inability to service clients can also have an impact on an organizations reputation.
How prepared do law firms think they are?
Ninety percent of firms who responded have a “Business Continuity Plan” (BCP) in place, and 77% have a separate BCP specifically for IT. The confidence in their BCPs was reassuring but then their responses to some of the other questions belied other potential issues including a lack of alternative location strategies and failure to meet relevant regulations.
More than half of firms surveyed kept data/document storage on servers on-site – an approach which presents a serious vulnerability in the event of a disruption, as servers can be compromised in an attack.
Seventy percent of firms surveyed include remote working as part of their BCP. Instant and Sandpiper believe this represents significant risk—remote working solutions (which includes working from home, coffee shops, etc.) focus heavily on mobile communications and cloud solutions, which in turn leaves firms exposed to network outages, unsecured networks, and inhibit staff from congregating to make key decisions at a critical time.
In summary, there is evidence of a significant level of planning across legal organizations but a number of inherent risks remain. An overreliance on remote working and the assumption that remote working solutions, which focus heavily on mobile communications, would leave many firms exposed in the event of network outages.
The research found that firms leveraging the flexible office market are able to expand and contract their space accordingly and, as a result, suffer far less during downtime. In doing so, they are mitigating the loss of productivity compared to firms that do not have flexible workspace plans in place and purely rely on remote working.