Legal industry facing crisis amid shortage of cyber-security specialists

A shortage of qualified cyber-security specialists is becoming critical for law firms following several high-profile cases of hacking, experts have warned.

In 2015, Talk Talk, Ashley Madison, Harvard University, and the US's Internal Revenue Service have all fallen victim to sophisticated and damaging hacks.

Symantec CEO Michael Brown has been quoted saying the global demand for cyber-security professionals is set to grow to six million by 2019 with the shortfall expected to be around 1.5 million, an issue of specific concern for the legal industry given the sensitivity of the data being handled.

Measures have been introduced by the UK government, including Cyber Essentials, a scheme aimed at helping organisations protect themselves against common cyber-attacks.

However, these initiatives have been proven insufficient when it comes to combating modern advanced persistent threats (APTs) to businesses.

Founder of Gibbs S3, Farida Gibbs, commented: 'The range and severity of threats, coupled with the desperate shortage of skilled staff means that the majority of British banks are fighting an increasingly complex war with clearly insufficient resources.

'This issue is compounded by the fact that standing still is not an option - firms need to be far more proactive in beefing up their digital defences as the hackers who are looking to get in are constantly evolving and mutating their attacks.'

Punam Tiwari, senior legal counsel at Gibbs S3 said: 'We've now seen CEOs of major companies lose their jobs because of cyber-attacks which should be a serious wake-up call about the consequences.'

'Companies should start from the assumption that their systems have been infiltrated by criminals and operate on that basis,' she added, 'yet many businesses are simply failing to act.'

Large corporations are not the only targets, however. Recent research from KPMG found that 70 per cent of SMEs can do significantly more to protect sensitive client data.

Tiwari said UK businesses needed to show greater commitment to data protection and cyber-security training as well as planning 'how they will bring on cyber-security experts at a moment's notice - whether that is for a crisis scenario or not'.

Research from earlier this year found that over half of UK legal professionals believed their companies were not doing enough to prevent security breaches.

One in ten lawyers admitted to having no measures at all in place to decrease the risk of data loss.

Matthew Rogers is an editorial assistant at Solicitors Journal matthew.rogers@solicitorsjournal.co.uk