Press Release

Cybersecurity Ignorance is Big Risk for Law Firms & Corporate Counsel, ALM Legal Intelligence Analysts Find

ALM Legal Intelligence’s Cybersecurity Research Reports Provide Analysis & Best Practices to Help Industry Adapt to Evolving Landscape

  • Nearly one-third of law firms have not undertaken a formal information, security and privacy assessment.
  • 95% of corporate counsel believe that cybersecurity breaches are becoming more frequent in their industries.
  • 27% of corporate counsel and 47% of law firms say their companies do not regularly test their cybersecurity programs.

New York, N.Y.—December 16, 2015—ALM Legal Intelligence’s inaugural cybersecurity study of law firms and corporate counsel has found legal professionals recognize that cyber-attacks pose an unprecedented danger to their clients and businesses, but struggle to implement adequate solutions to mitigate the threat. In two reports released today during ALM’s cyberSecure conference in New York City (, ALM Legal Intelligence discusses the implications of its research findings, outlines information about the changing cybersecurity landscape, and offers best practices and valuable checklists that law firms and corporate counsel can follow to protect against breaches. The reports also include interviews with law firms and corporate counsel discussing challenges facing their respective firms, and the solutions and processes they have adopted to solve them.

In October 2015, ALM Legal Intelligence surveyed law firms in the Am Law 200 and NLJ 350, as well as corporate counsel at companies in a variety of sectors, including technology, industrials and financial services. The majority (80%) of the corporate counsel represent firms with gross revenue of more than $2 billion. The reports, Cybersecurity and Law Firms: Ignorance is Risk and Cybersecurity and Corporate Counsel: Ignorance is Risk, are available online at

The Cybersecurity and Law Firms: Ignorance is Risk report highlights ALM Legal Intelligence’s research findings related to law firms, including:

  • Nearly one-third of law firms have not carried out a formal information, security and privacy assessment.
  • Approximately one-third of law firms do not hold cyber liability insurance policies.
  • More than two-thirds of law firms have either already established a cybersecurity practice or have plans to form one.

“Cybersecurity presents both risks and opportunities for law firms,” said Steve Kovalan, Senior Legal Intelligence Analyst at ALM. “On the one hand, cyber-attacks pose an unprecedented threat to the confidentiality which is the cornerstone of their relationships with clients. On the other hand, firms that invest in leading-edge information security talent and make an effort to build credible expertise in cybersecurity can distinguish themselves by demonstrating a renewed level of commitment to the trusted attorney/client relationship. They also have the opportunity to gain competitive advantage in the fast-growing market for data-privacy and breach-remediation legal services.”

The Cybersecurity and Corporate Counsel: Ignorance is Risk report features analysis related to corporate counsel, including:

  • 95% of corporate counsel respondents agree that cyber-attacks are increasing in frequency.
  • Only 6% of respondents say their companies’ cybersecurity teams include board members, and only 3% say outside counsel are represented. This suggests that many corporate cybersecurity teams are limited in scope.
  • While 68% of corporate counsel respondents indicated their companies have purchased cyber liability insurance, only 49% stated their firms require third parties to carry such insurance.
  • 27% say their firms do not conduct regular cybersecurity tests.

“Companies often bring in corporate counsel after a breach, when it is clear there are issues related to legal liability and damage control—but companies should do more to involve in-house counsel upfront in cybersecurity preparedness,” said Daniella Isaacson, Senior Legal Intelligence Analyst at ALM. “We find it encouraging that some companies are beginning to embrace a proactive, strategic approach to cybersecurity, but in-house counsel should be more involved in areas such as breach readiness and prevention.”


About ALM

ALM is the most trusted media, information and intelligence company supporting both the practice of and business of professionals in the legal, insurance, commercial real estate and financial services industries. ALM delivers leading data, intelligence, insights, events and audiences essential for growing businesses globally to over 7 million professionals. Please visit for more information, and visit to learn about our upcoming events. Please follow us on Twitter at @ALMGlobal_.