Wednesday, 3 August 2016

Cyber security for solicitors and barristers. Can you promise confidentiality and asset security if your IT systems are vulnerable?

In 2015, 62% of law firms were estimated to have been the victim of a cyber attack (PwC), and only 35% had mitigation plans in place. The Information Commissioner's Office reported a 32% increase in data breaches in the legal sector in 2015. Mossack Fonseca was the victim of a major data breach which appeared to have been carried out by a malicious insider. The insider threat shows that cyber security and safety are more than just a matter of technology safeguards.

Against this rapidly evolving factual backdrop, can solicitors and barristers reasonably promise confidentiality and security to their clients, and can clients continue to trust that this is the case?

The legal profession plays a key role in society, and the cornerstone of that role is client trust in confidentiality and in the security of the assets transferred to solicitors and barristers. The SRA and the Bar Standards Board both insist in their codes of Professional Conduct that confidentiality and asset security are maintained.

However, the digital age has brought outsourced IT providers (who themselves outsource), home working on personal devices and remote digital storage, very little of which is measured against security criteria rather than, very understandably, convenience and price. This week 200 million Yahoo passwords were put up for sale on the dark web.

Common sense suggests that until solicitors or barristers have had an independent Digital Audit to check cyber risk levels, it would be unwise to make promises about security and confidentiality to clients. To hide a disclaimer of liability for data loss in the small print of an Engagement Letter, in the absence of an independent Digital Audit, could also be viewed as unprofessional.

To get in touch with us at KLipcorp IP to discuss any issues raised in this article please CLICK HERE
