Legal Firms and the Struggle to Protect Sensitive Data
2016 IT Disaster Recovery Planning and Preparedness Survey
Table of Contents
Survey Objectives
Survey Results
Conclusion: Making Sense of the Data
Key Insights
Leverage IT Security and DR to Minimize Your Firm's Risk
Why Firms are Turning to DRaaS
Survey Overview

The demands of modernization in law firms have driven intense competition for innovation and service to customers. But adopting innovations while also remaining secure from internal and external threats has become a genuine concern. As a leader in Disaster Recovery-as-a-Service (DRaaS), with expertise in serving law firms, Bluelock commissioned an online reader survey with ALM (parent company of Legaltech News, Law.com, The American Lawyer, etc.) to assess the current state of the legal industry's IT disaster recovery (DR) preparedness, pressures and confidence.

We surveyed legal IT professionals (66 total respondents) in October 2016 to explore the following:

Top three challenges to firms' operations: Respondents named data security (69%), budget (59%) and overburdened IT teams (40%) as their biggest challenges.
Confidence in current DR plan: Respondents were very or somewhat confident (68%).
DR testing methods: Respondents were unsure of their testing methods or had no tests (62%).
Increasing pressure from constituents: Respondents claimed increasing pressures from auditors (51%) and clients (42%).
Survey Results
Despite Top Challenges to IT Operations...

Choose the top 3 challenges your firm faces when it comes to successfully managing IT operations.

Data Security: 69%
Budget: 59%
Overburdened IT Teams: 40%
Client Demands for Audits & Systems Availability: 22%
Regulatory Compliance: 24%
Datacenter Transformation: 16%
Big Data: 26%
BYOD & Personal Devices: 31%
Getting Buy-In from Managing Partners: 9%
Other: 5%
The Majority of IT Pros Have Some Level of Confidence in Disaster Recovery...

68%: Percentage of respondents that expressed confidence in their DR plan

How confident are you that your disaster recovery (DR) plan is effective?

23% very confident
45% somewhat confident
20% not sure
5% somewhat confident
3% not confident at all
The rest did not respond.
But Most Aren't Testing Their DR Plans

62%: Percentage of respondents who claimed they didn't test or didn't know what tests they did

This means the 68% who claimed confidence in their DR plans may be overconfident. Given their concerns for data security, this doesn't bode well. If no DR tests are being done, then firms are not proactively identifying their vulnerabilities. This increases the potential risk and impact of security incidents or an IT service disruption.

Please indicate what type(s) of DR testing you are currently using.

32% not sure
16% we don't have a DR plan test
14% we don't have a DR plan
Test to Minimize Your Risk

Please indicate what type(s) of DR testing you are currently using.

[Bar chart. Categories: Tabletop Tests (Teams Review the DR Plan); Sandbox Simulation (Technology is Tested in Isolation, with No Impact to Production); Full-Scale Testing (Full Failover and Failback Testing of Production Environment). Bar values shown: 28%, 16%, 11%.]

For those law firms conducting IT DR testing, sandbox simulations are most prevalent. To thoroughly test disaster recovery plans and minimize risk, law firms should be initiating sandbox simulation tests at least twice a year. When possible, full-scale testing is the most true-to-life testing method and should be considered.
IT Departments are Facing Increased Pressure from Auditors and Regulators

51%: Percentage of respondents that claimed to face audits and regulations regarding IT data protection

How strongly do you agree with the following statement: "My organization is facing increasing pressure from IT audits and regulations"?

23% strongly agree
28% somewhat agree
27% neither agree nor disagree
14% somewhat disagree
8% strongly disagree
Clients are Putting More Pressure on IT Departments

42%: Percentage of respondents who claimed clients are requesting information about their firms' IT operations and data protection policies

Because law firms house large quantities of sensitive client data, IT departments are facing increased scrutiny, especially those whose law firms provide service to clients in the banking industry.

How strongly do you agree with the following statement: "More of my clients are requesting information about my firm's IT operations and data protection policies"?

11% strongly agree
31% somewhat agree
25% neither agree nor disagree
13% somewhat disagree
20% strongly disagree
Conclusion: Making Sense of the Data
Key Insights

Data Security is a Top Priority
In Cisco's 2015 Annual Security Report, law firms ranked as the seventh most vulnerable business sector to cyber attacks. Because legal proceedings often rely on sensitive client information, hackers see an opportunity for profit and target firms for this data. No wonder 69% of respondents have ranked data security as the biggest challenge to their firms' IT operations.

Success is Strained When IT Teams Lack Resources
IT professionals at legal firms are expected to be reactive to the needs of their partners. However, stretched budgets (59%) and overburdened IT staff (40%) make it difficult to embrace change in an era where it's critical to mitigate risks. Because downtime can be hugely detrimental to a firm's reputation and livelihood, a proactive approach to DR is essential.

Confidence Must Be Based On Evidence
Since data has become a cornerstone of the modern legal practice, it's no surprise that regulators are taking more steps to ensure continuity and clients are requesting proof of resiliency. Yet when 68% of respondents express confidence in their DR plans and simultaneously fail to articulate their testing methods, constituents may see this disconnect as an inability to survive in the face of crisis. 62% of firms don't know what DR tests they perform or have no DR tests at all, which poses a major security risk since vulnerabilities aren't being identified. Furthermore, it implies that their confidence in resiliency may be unfounded.
Leverage IT Security and DR to Minimize Your Firm's Risk

Information security practices need to have direct ties to IT incident response procedures. Law firms are increasingly turning to more modern and secure IT disaster recovery solutions to improve their security and resiliency posture. By leveraging Disaster Recovery-as-a-Service (DRaaS), firms are making huge strides, moving from existing backup-based or depreciated infrastructure to robust data protection while overcoming tight budget and personnel constraints. Taking steps to improve a DR strategy protects your law firm's reputation, client trust and ultimately revenue.

"The reality is if your information system is taken down for whatever reason: a flood, malware, hack attack, etc., you still have a business continuity and disaster recovery issue on your hands."
- Ken Beaver, TechTarget
Why Law Firms are Turning to Bluelock

Legal firms are turning to Bluelock because we are dedicated to their security and empowerment. Our Disaster Recovery-as-a-Service (DRaaS) isn't just data protection. It's the seamless delivery of a digital experience, no matter the technology, so that your firm can tackle your future with certainty.

Serving as an expert extension of your IT team in handling the end-to-end responsibilities of DR planning, testing and maintenance, Bluelock gives your IT talent the freedom to focus on other, more pressing objectives that drive direct value to your law firm.

Worried about proof to constituents? Our client portal, Bluelock Portfolio, offers complete visibility with recovery metrics for even the most skeptical stakeholders, auditors or clients. Our unique service program, Recovery Assurance, offers verifiable evidence of recoverability and security.

For more information about Bluelock, visit bluelock.com/law.
Jumpstart your strategy by visiting our Practical Guide to DRaaS. www.bluelock.com 888.402.2583 Indianapolis Las Vegas