Attacking Costs

For law firms, working with confidential and privileged data every day, an effective IT security program is a top priority to minimize risk. Every industry is vulnerable to cyber-attack. In 2014, according to PwC, there were 43 million known security incidents in global business, the equivalent of 117,000 attacks a day. That’s a 48% increase on 2013. And in the legal sector, 62% of law firms reported a cyber-attack last year, up from 40% the previous year.

But one of the most alarming facts is that 66% of these incidents are discovered several months later, revealed by a third party, according to the Verizon 2013 data breach investigation report. As 78% of cyber-attacks are executed without any sophisticated expertise or technology, companies need to implement efficient and up-to-date multi-level security solutions to protect both business and clients.

As connected devices expand, security requirements will also shift from protecting a single piece of hardware to securing an entire network of devices. Each object is a potential intrusion entry point. Data protection, secure operations, traceability and resilience are crucial.

The Big Data Difference

New technology’s empowering firms − creating a more efficient business process and offering a differentiating advantage. However, other emerging technologies such as the internet of things, cloud computing, the bring your own device trend and big data, give malicious individuals a new playground to exploit. McKinsey says approximately 2.3 trillion gigabytes of data are created every day, with volumes growing exponentially. Big data often has few built-in security safeguards, making it especially vulnerable, so regularly checking how employees manipulate it is key.

Employees represent the weakest links in IT security. According to Forrester, over a third of intrusions are allowed through by employee negligence − ignorance of security rules or inappropriate use of personal data or company files. Moreover, it takes an average 43 days for a cyber-attack to be discovered (according to the Ponemon Institute).

Most companies can’t resolve the issue in-house. Security specialists and consultants, lawyers and audit firms are often required, which can all cause a significant increase in cost. The average starting costs for a major security breach at a large organization has more than doubled to an average of £1.46m since last year − and the expenses incurred post attack will always be higher than those invested to prevent them. The bottom line − a proactive approach to IT security could also save you money. Of course, private information published online, or confidential records compromised, can seriously tarnish brand image and break trust. The Ponemon Institute says almost half of organizations felt their reputation was damaged as a result of a data breach. And PwC says just a third of firms are ‘very confident’ in their IT disaster recovery capabilities. The low figure, combined with increased reliance on IT systems, indicates urgent need for action.

Need for Speed

So sustaining a strong security system is critical. However, budget is often a major restricting factor. Lack of funds for multi-level security solutions often leads to the implementation of sub-standard programs and inadequate protection − and organizations need to refresh their digital security continually to keep up with the latest emerging vulnerabilities.

The smart way for organizations to access such high standards, perhaps previously too expensive to buy outright, is to make use of finance solutions. Leasing enables firms to replace investment peaks with fixed and fully tax deductible rentals. It gives them access to the technology they need when they need it, not just when budget dictates it can be bought.

In addition, by matching the lease term with the refresh cycle, firms reduce the risk of existing systems growing obsolete. Rolling out a comprehensive IT security project also takes time. With a pre-lease facility, costs can be warehoused. The firm only starts to pay once the system has gone live and is delivering. You may also be paying for the support of a legacy security system in place during a transition period. Leasing releases cash to be spent in other areas of the business too.

Finally, companies that grow through mergers and acquisitions have to deal with disparate IT security systems introduced with each one. A powerful asset management solution helps firms to get an accurate, comprehensive overview of all digital security assets, trackable with a click.

Choose Lifecycle

Private and public sector alike have grasped the importance of IT security. The UK government has rated cyber-attacks as a ‘tier one’ threat. However, the approach is normally purely technical or purely organizational, when it needs to be holistic. Basic antivirus and malware protection are designed for home computers, not companies dealing with confidential financial data and information.

Technology providers able to assist firms through the IT network lifecycle (design, build, run, transform), are best positioned to give business both resilient and proactive security. Specialists providing multi-level technology (preventative solutions, security incident management systems, data encryption, firewalls, and so on) enable firms to take back control of the network and fully exploit the possibilities of new technology.

With 95% of law firms telling PwC they plan to undertake a major IT project in the next 12 months, smart finance solutions are available to help protect customers, reputation and budget.

This article was originally published in the December 2015 edition of Briefing Magazine.


Econocom is Europe's largest independent provider of digital finance and associated services. Active in 19 countries across Europe, Morocco and North America, Econocom has been working closely with the legal sector for more than 20 years. Econocom has many years' expertise in the financing of large hardware and software projects such as CMS and PMS systems. By working with Econocom, our clients benefit from stable IT budgets and comprehensive management of their technology portfolio. This means they can concentrate on their core business free of the administrative and budgetary hassle of buying technology. Click here for more information.

Return to Forefront main page »
Thomson Reuters Elite Headquarters
800 Corporate Pointe, Suite 150, Culver City, CA 90230
© 2016 Thomson Reuters
Thomson Reuters