Legal Business Blogs

No more weak links – elite law firms unite to fight cyber security threat

It has long been a gripe among major clients – in particular banks – that law firms are the chink in the armour against the growing barrage of cyber attacks. In response, some of the world’s top law firms are banding together to form a cyber security alliance to share intelligence on threats, specific attacks and best practice.

Firms including Sullivan & Cromwell, Debevoise & Plimpton, Paul Weiss Rifkind Wharton & Garrison, Linklaters and Allen & Overy (A&O) are working to form the body, which is expected to launch before the summer.

The group is being modelled on the banking industry’s equivalent forum in the US – the Financial Services Information Sharing and Analysis Center (FS-ISAC) – which is used to exchange information about combating cyber crime.

The alliance will see a list of leading New York and City law firms exchange information with some of Wall Street’s largest banks, including Bank of America, Morgan Stanley, Goldman Sachs and JP Morgan Chase, to protect sensitive information against an increasingly sophisticated array of cyber threats.

A spokesperson at one of the law firms involved told Legal Business that the discussions are still at an early stage. ‘The [alliance] will be a soft under-belly to what already exists within the financial services. At present, firms are trying to figure out how to get this off the ground,’ the spokesperson added.

The group is likely to be affiliated to the FS-ISAC, which law firms cannot directly join. It is expected that firms in the group will also work with LegalSEC, an initiative from the International Legal Technology Association, an influential industry body.

Other firms understood to be involved include Cravath, Swaine & Moore and Cleary Gottlieb Steen & Hamilton. While one prospective member of the group confirmed the discussions, which were first reported in The New York Times, two other law firms declined to comment and another was unavailable for comment on Friday (6 March).

The US-based group is expected to attract many more firms as cyber security moves up law firm agendas. The initiative comes after mounting pressure from regulators in the US and Europe for companies and their advisers to protect client data and notify agencies of serious breaches.

Law firms are often claimed by cyber security specialists to be a vulnerable point of attack for hackers given the amount of data they hold on major bluechip clients. Nevertheless, legal advisers sharing information will have to demonstrate that client data is being fully protected and that no competition issues are being raised.

Benedict Hamilton, managing director in Kroll’s global investigation and disputes practice, told Legal Business: ‘It’s very sensible. Cyber criminals look for the weak link around the target they are focusing on, and very often these are law firms, so for legal advisers to be sharing information and raising their cyber resilience to the same levels of their clients makes a lot of sense. Law firms have to pay serious attention to this as there have been attempted hacks on law firms and barrister chambers.’

See Anatomy of a Breach for an in-depth report on client attitudes to cyber security. Click here for a comment piece from PwC Legal’s Stewart Room