Securing the Law Firm 2021 will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?

Law firms are high-value targets in their own right and as third-parties to the world’s largest and richest organisations. A recent report on the sector concluded that they faced ‘millions of threats’ in a constant bombardment of persistent and sophisticated attacks. The Dark Web is replete with pleas for access to law firms and with offers of information allegedly stolen from them.

So law firms, like other targets, need to ensure they have robust defences against ransomware, BEC and other spearphishing campaigns, DDoS attacks and the other threat types that pose the greatest risks to all high-value targets.

Law firms too, like most other organisations, are being forced into accelerated Cloud deployments, creating issues in everything from AWS to which Microsoft 365 licence to buy and whether to go for a one-stop shop or to layer specific security tools onto the general features of the monopoly platforms.

And the increased pace of transition means increased risk of exposure. Cloud assets were involved in 24% of breaches this year, with applications a key issue. 40+% of those breaches came from web apps, rapidly overtaking desktop as the top source of breach.

More surprisingly, according to a freedom of information request made to the Information Commissioner’s Office (ICO), nearly half (48%) of the top 150 law firms have reported data breaches since the GDPR came into force in May 2018.