Press Release: New Study on Cybersecurity Preparedness Finds Less Than Half of Law Firms Implement Top-weighted Protocols

NASHVILLE, Tenn.–(BUSINESS WIRE)–LOGICFORCE, a leading legal IT consultancy, today released the results of its most recent Law Firm Cybersecurity Scorecard, a periodic study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices.

Results of the study indicate that law firms are increasingly investing in cybersecurity programs, but most law firms are not implementing many of the protocols that will comprehensively protect them and their clients over time. Many firms’ clients and potential clients are not shy about demanding secure data practices. Fifty-four percent of law firms report being audited by one or more clients at least once – a 13% increase since the last scorecard.

“The 2018 Cybersecurity Scorecard findings show that while cybersecurity preparedness in the legal industry has improved since our last scorecard, law firms must adopt more effective cybersecurity measures to protect themselves and their clients,” said Gulam Zade, partner and general counsel at LOGICFORCE. “Comprehensive cybersecurity protocols are imperative to preserving client trust, protecting the most sensitive data and, ultimately, allowing law firms to differentiate themselves as legal services providers.”

Key findings include:

Most law firms aren’t implementing top-weighted cybersecurity protocols.
Less than half of law firms are implementing some of the top-weighted cybersecurity protocols – these being multi factor authentication (47%), 3rd party risk assessment (37%), having the proper security executive (34%), and SOC monitoring (24%).

Many law firms don’t have formal measures in place to keep their data secure.
Most law firms are investing in certain cybersecurity measures, such as penetration and vulnerability testing (88%) and have some sort of password management tool in place (99%). However, fewer law firms are investing in more formal cybersecurity areas. For example, 36% of firms do not have cybersecurity insurance, 45% of firms do not have formal cybersecurity policies, and 46% do not have cybersecurity training formally documented.

The majority of law firms require better cybersecurity management.
Currently, most (67%) law firms place the responsibilities for implementing and managing cybersecurity policies on either IT Directors or Managers or some other non-IT executive at the firm. Roughly 1 in 3 (34%) firms leave these responsibilities to personnel who have specialized knowledge on cybersecurity, such as a Chief Information Security Officer or an Information Security Manager.

To access the full report, please visit

Survey Methodology
The information in this study is a compilation of critical data points determined by LOGICFORCE and gathered through client surveys, the firm’s proprietary SYNTHESIS E-IT SECURE® assessments, and market research. LOGICFORCE commissioned a survey to determine the cybersecurity policies, practices, and tools that are currently being implemented at law firms and assessed more than 200 IT decision makers across small and medium-sized law firms (20-200 attorneys) located throughout the United States.

LOGICFORCE is a technology consulting firm that improves the profitability and operations of law firms through the strategic application of technology. The firm’s specialties include IT optimization, eDiscovery, document review, cyber security and digital forensics. Since 1995, LOGICFORCE has worked with hundreds of law firms across the country to ensure improved security and productivity within their legal business. To learn more about LOGICFORCE, visit

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *