The Legal Risks of Cyber Theft

With the rising number of cyber thefts in the US, numerous lawsuits have been filed against businesses and organizations. In general, the public expects that their bank will take sufficient action to stop data theft. We expect this of the federal government, credit card companies and retail stores as well. Citizens believe that most of the large companies we all do business with will take every precaution to protect our personal and financial data. It’s only natural that the many serious data breaches at places like Experian and JP Morgan Chase have rattled the public’s trust. Even law firms haven’t been completely exempted from these attacks. In 2015, Law360 reported that one in four law firms had experienced some type of security breach. Though this represents a serious threat in terms of the legal and financial implications, almost half of all law firms surveyed that same year said they didn’t have a data breach response plan in place. The High Cost of Breaches In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a favorite department store has been breached. In the healthcare industry, it’s estimated that a data breach in America costs more than 2 1/2 times the global average. At $380 per record, healthcare data breaches threaten us all in more ways than we know. The same is true in the legal industry. A lawyer has a great deal of personal and private information about each client. This might even include information that could lead to the client’s arrest. In America, whatever you say to your doctor, lawyer or priest is still protected under the law. But what if those confidential documents end up being placed online by cyber thieves? Information like this can ruin someone’s life, their business, or their marriage—And it can be painfully embarrassing to the law firm that allowed the breach to occur. An annual report sponsored by IBM and completed by the Ponemon Institute measures the impact of data breaches. Their report concludes that having a sound data-breach response plan in place can reduce the overall cost by as much as 28 percent. Though this is good news, the legal industry must measure costs other than financial. Their reputation is compromised once a data breach occurs. People need to trust their lawyer. If you hear that a law firm you’ve done business with has recently experienced a cyber breach, how likely are you to continue doing business with this firm? Other Effects of Cyber Breaches Learning that all your personal information is in the hands of thieves on the other side of the world causes a significant change in the behavior of consumers. One study found that consumers who learned of a data breach at their favorite retail store cut back on purchases from that retailer. With over 1,500 data breaches taking place in 2017, consumers responded in this way:

• 84 percent said they might not consider doing business with a retailer who had experienced a data breach.
• 57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
• Four in 10 consumers said they believe businesses aren’t doing the best they can to protect us.
• 38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.

These numbers show the true belief of consumers. Most simply don’t believe that businesses are doing all they can and that if they continue to shop at certain stores, there’s a higher probability of having their private information stolen by thieves. This is a strong reason for a consumer to stop shopping at a store, and many have. Law Suits Against Lawyers Due to the growing number of cyber thefts, consumers are taking their favorite stores, law firms, hospitals, banks and others to court. They believe these entities were negligent and didn’t provide strong enough security measures to prevent the breach. In some cases, they are right. These lawsuits prove that Americans are tired of waking up and finding that their personal information was stolen again by cyber thieves. They’re ready to take action. So how do you make things right again with customers who have had their personal info stolen from your database? Cybersecurity experts can put together a full security plan for your law firm or business that will outline the issues you need to address and offer several different solutions. They begin by investigating whether you have indeed lost documents to thieves. Next, they find out how the breach took place. Then, they begin to collect evidence surrounding the breach. The more they can learn about what happened, the easier they can prevent a breach like this from occurring again. Every vulnerability is explored, and determinations are made about the best ways to shut these vulnerabilities down so they cannot be exploited again. Once the experts have all this information about what happened, they will recommend specific security measures that you should take at once. They will also recommend enhancements to all your IT systems and networks. Lastly, security experts will put in place much stronger measures to stop cyber thieves from breaking back in. Why Do Breaches Keep Happening? A growing number of cybersecurity experts are finding that breaches occur because employees aren’t properly trained in how to spot a suspicious email. One lawyer said he gets emails almost daily from hackers who are trying to break into his system. All they need him to do is click on a link. Companies are spending more money now to have security experts come to their business and teach their employees what to look for and how to spot suspicious emails. Every employee must be trained, and training should include annual refresher courses. John Hutchins of LeClairRyan’s Technology and Innovations recently commented about this: “There’s evidence to suggest that users are getting suckered by fake messages more and more every year. In fact, 30% of phishing messages were opened by their intended targets, and about 12% of recipients then went on to click malicious attachments or links.” Jennifer Stueckler at LegalShield states that the average cost of a data breach is $3.5 million. Below, is the breakdown of the spend:

• Restoring brand reputation: 29%
• Lost productivity: 21%
• Revenue losses: 19%
• Digital forensics: 12%
• Technical support: 10%
• Compliance & Regulatory: 8%

Her company did its own survey about cyber breaches, and this is what they found: 39% of those surveyed said they would stop shopping at the store until the problem was resolved. 10% said they would never shop at the store again. Attitudes like this can have a significant impact on a store’s revenue. Future sales might not be as strong simply due to consumer mistrust. New Regulations Today, regulatory and compliance requirements are being changed. The requirement to maintain and secure your network database will include large financial penalties for those who don’t follow the guidelines. For organizations like law firms, financial institutions, and the government, these guidelines will be even tougher. The public expects this. And they expect that someone will oversee these new programs to make sure that everything possible is being done to protect the confidential data of patients, clients, and shoppers.