Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Law Firms Can Now Share Cyber Threats. But Will They?

Aug. 21, 2015, 6:41 PM

Foley & Lardner is taking various measures to protect its servers against cyber thieves, including educating everyone at the firm, conducting audits and investing resources in protection, according to Chanley Howell, a partner who sits on the firm’s cybersecurity committee.

But it’s not planning to join an alliance of law firms that plan to share information about cyber threats.

“Our plate is pretty full,” Howell told Big Law Business. “It’s not on our agenda yet — I’ll put it that way. If we start hearing clients recommend it, then we’ll probably join.”

The alliance, which calls itself the Legal Services Information Sharing and Analysis Organization , or LS-ISAO, launched this week and is affiliated with another organization with a similarly long name: The Financial Services Information Sharing and Analysis Center, or FS-ISAC.

The FS-ISAC is a non-profit that launched in 1999 in response to Presidential Directive 63, which required public and private sectors to share information about physical and cyber security threats.

Jeremiah Buckley, founding partner of Buckley Sandler who has written about cyber risk with a particular focus on electronic signatures, said as a general rule law firms’ efforts to beef up their cybersecurity has come in response to client pressure. In particular, clients in regulated industries, such as the financial services industry, have passed on pressure to protect against cyber risk by auditing their vendors including law firms, Buckley said.

Buckley said his firm is not a member of the LS-ISAO. Sharing information about cyber threats opens new risks, namely that rival firms could exploit information about an attack to tarnish another firm’s reputation, he explained. Even if shared anonymously, a law firm could do some digging and investigation to determine which of its competitors were subject to attacks, Buckley said.

“There is some element of risk and disadvantage from sharing too much,” he said. “There is a competitive aspect to all of this.”

Howell mentioned another concern: that information shared anonymously cannot be verified as accurate.

Both said they thought the concept of sharing information was a good idea worth considering.

Cindy Donaldson, FS-ISAC’s vice president of products and services, said the new information sharing network will have to be built on trust between law firms. Donaldson said the organization launched because a group of law firms approached the FS-ISAC. She declined to name any law firms involved in the effort or even how many have joined.

The alliance is currently open to law firms with a majority of their lawyers based in the U.S., Canada or the U.K. and costs $8,000 to join, according to Donaldson. But the law firms that join the alliance could vote to change the eligibility criteria and the annual cost, she said.

“There’s strength in numbers,” said Donaldson, adding that the organization has talked to about 200 law firms.