The American Bar Association completed a TECHREPORT in 2017 to investigate the impact of cyber security breaches on law firms.
According to the American Bar Association: "The 2017 Survey responses make it difficult to tell how many breaches there have actually been with exposure of client data because almost 5% overall report that they don’t know about the consequences. This includes 'don’t know' responses by 3% in firms of 10-49 [attorneys], 8% of firms of 50-99, 25% of firms of 100-499, and 14% of firms of 500+. The uncertainty is increased by the high percentage of respondents (22%), discussed above, who don’t even know whether their firm experienced a data breach."
According to research from the Verizon RISK Team, few breaches are unique, meaning the vast majority of incidents are caused by a small number of scenarios. Verizon classifies 18 different data breach scenarios into four groups; the human element, conduit devices, configuration exploitation and malicious software. For the purposes of this article, we will focus on the malicious software that makes institutions vulnerable.