35
I L T A N E T . O R G
C
ompliance and data security are never far
from mind for corporate legal departments
(CLDs) or the law firms that they frequently
collaborate with.
A recent survey of Chief Legal
Officers (CLOs) by the Association of Corporate Counsel
(ACC) found for the third consecutive year that cybersecurity,
compliance, and data privacy were the most important issue
for CLDs, with cybersecurity first among those concerns.
Meanwhile, the same survey found that over half (53.6
percent) of CLDs believe that data privacy protection rules
will pose one of the biggest challenges to their organization,
with 80 percent expressing concern over changing data
privacy laws in the jurisdictions where they do business.
Fully 90% expected data privacy concerns to accelerate.
Put simply, challenges abound on multiple fronts – but
the right cloud can play a fundamental role in helping these
organizations to keep email, documents, and knowledge
safe and secure, properly governed, and compliant, even
amidst the thicket of thorny security and compliance issues
that today's legal organizations must navigate.
Risk from Multiple Directions
First amongst these challenges is the rise of the hybrid
workplace, which sprang up in response to the COVID-19
pandemic and then gained a foothold in firms and
corporations of all sizes. According to Cushman and
Wakefield, 90% of law firm respondents anticipate that
10% of their lawyers will be working remotely at least
twice a week within the next two years. The environment
outside the four walls of the office is a much more difficult
environment to secure.
Hybrid work aside, there's the simple fact that many
end users within legal organizations are already in the
cloud and using services that lack proper governance.
For instance, if teams are using messaging, file sharing,
collaboration, or email services, then they are likely already
sharing sensitive information in the cloud – possibly via
consumer services like Box, Dropbox, or Google Drive.
Even organizations that primarily use on-premise
software deployments are not fully immune from potential
vulnerabilities. According to Microsoft research, 80%
of organizations that use on-premise servers still use the
cloud for at least a portion of their data protection strategy.
Alongside these trends, ransomware and cyber security
threats and attacks continue to rise in number and maturity.
The CEO of the UK's National Cyber Security Centre
said in June 2021 that ransomware was the key threat
facing the UK. Ransomware is, of course, equally prevalent
in the US: The Department of Justice has said that around
$350 million in ransom was paid to malicious cyber actors
in 2020, an increase of more than 300% on the amount
paid out in 2019.
The legal sphere remains an attractive target for
these attacks. Research from global cyber security firm
BlueVoyant found that 100% of law firms analyzed were
targeted in attacks by threat actors, and 15% of a global
sample of law firms showed signs of compromised networks.
Lest law firms and CLDs think that the bad guys
don't bother going after "small fish," Sophos' The State of
Ransomware 2020 reveals that ransomware is no longer
just a threat to larger organizations. It found that just
under half (47%) of the organizations with 100-1000
employees in its survey were hit by a ransomware attack,
while just over half (54%) of the organizations with 1001-
5000 employees were hit.
Finally, compliance – whether it stems from a client
RFP detailing standards for data protection, or from a new
law or regulation that has been issued – continues to grow
more complex, with increasingly high-stakes penalties for
failure to comply. Witness the $59 billion USD paid out in
penalties by corporations for U.S. regulatory infractions
