The information created and processed by a law firm is one of its most valuable assets. The consequences of a cybersecurity breach could be:
Firm funds could be stolen. Loss of income could also result from an inability to operate, failure to complete client work or business deals, reduction in productivity, staff downtime, increased insurance premiums and the cost of attempting to recover lost information, equipment or data.
Clients expect their solicitor to operate in a safe and secure environment, and expect high standards. A security breach will cause reputational damage and could result in loss of existing and potential clients.
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 require appropriate technical and organisational security. Non-compliance can result in fines, enforcement notices, or an investigation by the data protection regulator, the Information Commissioner’s Office. Regulatory fines for non-compliance can be up to either 4% of annual global turnover or €20 million. See the Law Society’s Guide to GDPR for more information.
Solicitors working under panel appointments, for example with banks or public bodies, may find themselves in breach of contract and potentially liable to indemnify their clients if a security breach results in a data loss.
Protection of confidential information is a fundamental feature of a solicitor’s relationship with clients under the Law Society’s practice rules and standards of conduct. Failure to introduce satisfactory security measures could be seen as a breach of this obligation and lead to a finding of misconduct.