June 2016: Law Firm Risk Survey ReportsFour reports cover key global geographies: United States, UK, Canada and Australia
2016 Law Firm Risk Roundtable Survey Highlights Evolving Risk Landscape Across Key Geographies The report presents information gathered from leading law firms, measuring attitudes, priorities and response strategies.
- Information security was ranked as the No. 1 risk management priority by over half of firms in the UK and Canada, and by more than one-third of respondents in the US and Australia. Data breaches, data loss and exposure of confidential client information – resulting from cyberattacks and/or internal leaks or failures – were frequently cited as key concerns. Many firms reported that information security questionnaires and audits from clients were becoming more frequent and more onerous.
- Concern about managing conflicts of interest is growing in many countries, including the US, where 37% of respondents ranked it as their topmost risk management concern in 2016 – up from 22% in 2014. Respondents cited a range of factors that contribute to missed conflicts and inadvertent conflicts, including the volume and complexity of conflicts checks in large growing firms, particularly internationally; lack of awareness of “who is the client” (including subsidiaries and affiliates); and business and commercial conflicts.
- A growing number of larger clients are imposing outside counsel guidelines, often introducing complex terms that many firms find challenging to track, manage and comply with. The 2016 Law Firm Risk Roundtable Survey provides an interesting overview of how firms are responding to outside counsel guidelines, and how they are viewed by lawyers and staff.
- Survey respondents were asked to comment specifically on their risk stance toward cloud-based services and storage for the first time. Firms are generally divided on the issue. Even in the US, where 47% of firms reported that they were already using cloud services, respondents generally reported a cautious approach to the cloud, requiring service providers to meet rigorous standards. While some firms reported that they did not allow client information to be stored in the cloud, others reported that in some instances, it was the clients themselves who were requiring them to use cloud services.
November 2014: Law Firm Risk Survey ReportsFour reports cover key global geographies: United States, UK, Canada and Australia
2014 Law Firm Risk Survey Highlights Top Industry Priorities Across Key Geographies
The report presents information gathered from leading law firms, measuring attitudes, priorities and response strategies.
- Law firms have been making significant investments in risk management. The trend is particularly striking in the UK, where 83% of firms responded that they had a dedicated risk management budget, up from only 45% in the 2012 survey. In Canada, 42% of firms reported having a dedicated risk management budget. Those firms that lack a dedicated risk budget typically draw resources from other departments, such as IT and finance.
- Information security and conflicts are ranked as the top risk management priorities for firms worldwide. Information security was the most frequently mentioned priority by a large margin in the UK, where 50% of respondents cited it as their top concern. In the US, 37% identified information security as their No. 1 priority, followed by conflicts management, which was the top concern for 22% of respondents. Meanwhile, in Canada, nearly 60% of respondents identified conflicts as their top risk management priority.
- Client-driven audits are becoming increasingly common, indicating a steady trend since 2012. Approximately 50% of respondents in the US and Australia indicated that their firm’s risk and security practices have been subject to an external audit, either a client or regulatory body. Most client audits are performed by financial services entities in these countries.
October 2013: Law Firm HIPAA Compliance Survey Report
Law Firm HIPAA Survey Highlights Industry Commitment to Compliance with New Privacy and Security Rules Now in Effect The report presents information gathered from over 70 organizations, measuring attitudes, priorities and response strategies.
- Interest in and responsibility for HIPAA compliance spans departments and stakeholder roles – survey participants include firm management, risk management, heads of IT, information security managers and practice group leaders.
- Firms report that protected health information subject to HIPAA protections often appears in matters from firm healthcare, litigation, labor & employment, insurance, and medical/life science practice areas.
- Firms see reputational harm as the key risk and impact of a breach or compliance failure.
- Firms are actively pursuing compliance with new HIPAA regulations, employing measures including undertaking internal assessments and review of business associate agreements, implementing new policies and training and adopting security and monitoring controls.
- In many instances, compliance measures are spearheaded by IT, often working cross-functionally with risk and practice stakeholders.
- To manage future compliance, firms overwhelmingly plan to modify business intake procedures to identify and flag HIPAA-related matters at the point of inception.
- Many firms are discussing HIPAA compliance with their insurance brokers or underwriters to assess the applicability of current malpractice and cyber insurance policies or expand coverage.