Technophobe Risks and How To Solve Them
Etymologically, the term "luddite" is an early 19th-century noun, but in its modern sense it refers broadly to a philosophy opposing technology.
Managing risk within a law firm is challenging because it demands multi-potentiality, i.e. the ability to excel in several areas of specialism. The people responsible for managing risk in a law firm therefore need to be experts in the company’s law specialisms, in risk management and in cyber security.
From a cyber security perspective, this creates a luddite risk, where technological risks are less likely to be discovered and controls are not put in place.
The problem was made evident in a recent Australian study carried out by LexisNexis, which highlighted that 86% of legal practitioners believe the industry needs to upskill in cyber security measures. An example of a recent luddite risk was the IT meltdown at TSB, where 1,300 people lost money to fraudsters who took advantage.
In this example the IT infrastructure was implemented by its parent company’s IT department, but the ultimate responsibility for the IT meltdown was on the bank’s CEO. This demonstrates that subject matter experts aren’t enough and that ultimate responsibility against cyber risk is handled in a multi-potential capacity. This in turn has the potential to cause bottlenecks in putting solutions in place.
Due to the complexity of law, defining risk is already a challenge, and further luddite risks are often considered an unwelcome challenge.
As cyber criminals become ever more polymorphic, it is a challenge that law firms need to address. The Government has already put ‘Cyber Essentials’ in place to help businesses manage these risks, guidance is offered by the Solicitors Regulation Authority (SRA) and the National Cyber Security Centre (NCSC), and there are multiple insurance products available to help mitigate risks and support risk management.
Solutions that can be put in place for law firms:
- Insurance can be taken out that covers first/third-party reputational costs, cyber crime investigation, data recovery, system restoration, lost income, extortion payments and notification costs.
- The government has taken action to help organisations guard against common cyber threats. The scheme offers two levels:
  - The first level is Cyber Essentials, where organisations carry out a self-assessment which is independently verified.
  - The second level is Cyber Essentials Plus, where the organisation’s systems are independently tested and Cyber Essentials is integrated into the organisation’s risk management framework.
- The SRA offers guidance on its cyber security page.
- The National Cyber Security Centre (NCSC) offers guidance for businesses.